Skip to main content
CVE-2024-5196 MEDIUM This Month

A vulnerability classified as critical has been found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
4.2%
CVE-2024-5195 MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
4.2%
CVE-2024-5194 MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.6%
CVE-2024-0451 MEDIUM PATCH This Month

The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wpbot
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-0452 MEDIUM PATCH This Month

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wpbot
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-0453 MEDIUM PATCH This Month

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Wpbot
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-20355 MEDIUM This Month

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-31340 MEDIUM This Month

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-0632 MEDIUM This Month

The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Google XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-6487 MEDIUM This Month

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Luckywp Table Of Contents
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-30420 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF A Blog Cms
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-2036 MEDIUM This Month

The ApplyOnline - Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3663 MEDIUM This Month

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action() function in all versions up to, and including, 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31894 MEDIUM PATCH This Month

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure App Connect Enterprise
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31893 MEDIUM PATCH This Month

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure App Connect Enterprise
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy