Skip to main content
CVE-2024-37294 MEDIUM PATCH This Month

Aimeos is an Open Source e-commerce framework for online shops. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-22261 MEDIUM PATCH This Month

SQL-Injection in Harbor allows priviledge users to leak the task IDs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Harbor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-3723 MEDIUM This Month

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-34815 MEDIUM This Month

Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.26.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34804 MEDIUM This Month

Missing Authorization vulnerability in Tagembed.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35663 MEDIUM This Month

Missing Authorization vulnerability in HahnCreativeGroup WP Translate.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-31403 MEDIUM This Month

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37176 MEDIUM PATCH This Month

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass SAP Bw 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-34690 MEDIUM PATCH This Month

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass SAP Student Life Cycle Management
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34763 MEDIUM This Month

Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes - ReviewShort woo-product-reviews-shortcode.01.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34813 MEDIUM This Month

Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-34819 MEDIUM This Month

Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-34821 MEDIUM This Month

Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.9.87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-34406 MEDIUM This Month

Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5851 MEDIUM This Month

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-34799 MEDIUM This Month

Missing Authorization vulnerability in Repute Infosystems BookingPress.0.82. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bookingpress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34768 MEDIUM This Month

Missing Authorization vulnerability in Fastly.2.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34758 MEDIUM This Month

Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34822 MEDIUM This Month

Missing Authorization vulnerability in weDevs weMail.14.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wemail
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34753 MEDIUM This Month

Missing Authorization vulnerability in SoftLab Radio Player.0.73. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Radio Player
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23521 MEDIUM This Month

Missing Authorization vulnerability in Happyforms.25.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Happyforms
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-37296 MEDIUM PATCH This Month

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35667 MEDIUM This Month

Missing Authorization vulnerability in WP EasyCart.5.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-35665 MEDIUM This Month

Missing Authorization vulnerability in namithjawahar Insert Post Ads.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-35683 MEDIUM This Month

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.31.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34442 MEDIUM This Month

Missing Authorization vulnerability in weDevs weDocs.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5829 MEDIUM This Month

A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-35685 MEDIUM This Month

Missing Authorization vulnerability in Anders Norén Radcliffe 2.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-28164 MEDIUM This Month

SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35210 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-37178 MEDIUM This Month

SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-5813 MEDIUM This Month

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Beyondinsight Password Safe
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-31397 MEDIUM This Month

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-23111 MEDIUM This Month

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortiproxy Fortios
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-35208 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-30069 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-30052 MEDIUM PATCH This Month

Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

RCE Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
4.7
EPSS
1.4%
CVE-2024-5691 MEDIUM This Month

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2024-0653 MEDIUM PATCH This Month

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Custom Field Template
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-35253 MEDIUM PATCH This Month

Microsoft Azure File Sync Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.4).

Information Disclosure Microsoft Azure File Sync
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2024-21754 MEDIUM This Month

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
4.4
EPSS
3.5%
CVE-2023-6748 MEDIUM PATCH This Month

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Custom Field Template
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-32146 MEDIUM This Month

Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.Words Exporter: from n/a through 6.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-23518 MEDIUM This Month

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-32144 MEDIUM This Month

Missing Authorization vulnerability in Welcart Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Welcart E Commerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23503 MEDIUM This Month

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ninja Tables
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35628 MEDIUM This Month

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.8.25. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Gallery
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35168 MEDIUM This Month

Missing Authorization vulnerability in Discourse WP Discourse.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-32148 MEDIUM This Month

Missing Authorization vulnerability in Salesforce Pardot.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35671 MEDIUM This Month

Missing Authorization vulnerability in Minoji MJ Update History.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy