Skip to main content
CVE-2024-37156 MEDIUM PATCH This Month

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Suluformbundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5673 MEDIUM This Month

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpfilemanager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3049 MEDIUM This Month

A flaw was found in Booth, a cluster ticket manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Booth Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 +4
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-4013 MEDIUM This Month

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.6
EPSS
0.3%
CVE-2024-2017 MEDIUM PATCH This Month

The Countdown, Coming Soon, Maintenance - Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP WordPress Authentication Bypass Countdown Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4212 MEDIUM PATCH This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Themesflat Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5615 MEDIUM PATCH This Month

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Open Graph
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-0910 MEDIUM This Month

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Restrict For Elementor Elementor
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0972 MEDIUM This Month

The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass Buddypress Members Only
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1175 MEDIUM This Month

The WP-Recall - Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Recall
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-37154 MEDIUM This Month

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evmos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-36735 MEDIUM This Month

OneFlow-Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneflow
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5206 MEDIUM PATCH This Month

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. Rated medium severity (CVSS 4.7).

Information Disclosure Scikit Learn
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-4942 MEDIUM This Month

The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Custom Dash
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-5449 MEDIUM PATCH This Month

The WP Dark Mode - WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Dark Mode
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5489 MEDIUM PATCH This Month

The Wbcom Designs - Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Custom Font Uploader
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4788 MEDIUM PATCH This Month

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Boostify Header Footer Builder For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32873 MEDIUM PATCH This Month

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Evmos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5256 MEDIUM This Month

Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Information Disclosure Era 100 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-36106 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5665 MEDIUM PATCH This Month

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Login Signup Popup
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy