Skip to main content
CVE-2024-35085 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-35224 MEDIUM PATCH This Month

OpenProject is the leading open source project management software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openproject
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35197 MEDIUM PATCH This Month

gitoxide is a pure Rust implementation of Git. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1855 MEDIUM PATCH This Month

The WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wpcafe
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-4895 MEDIUM This Month

The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.7
EPSS
3.3%
CVE-2024-5279 MEDIUM This Month

A vulnerability was found in Qiwen Netdisk up to 1.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-28188 MEDIUM PATCH This Month

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35223 MEDIUM PATCH This Month

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5241 MEDIUM This Month

A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
1.9%
CVE-2023-6844 MEDIUM This Month

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-3065 MEDIUM This Month

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-3626 MEDIUM This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3711 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Brizy
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1803 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Google WordPress Authentication Bypass Embedpress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5244 MEDIUM This Month

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

TP-Link RCE Omada Er605 Firmware
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-32969 LOW PATCH Monitor

vantage6 is an open-source infrastructure for privacy preserving analysis. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
2.7
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy