Skip to main content
CVE-2024-2473 MEDIUM POC PATCH THREAT This Month

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.8%.

WordPress Authentication Bypass Wps Hide Login
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
11.8%
CVE-2024-36821 MEDIUM POC This Month

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Velop Whw0101 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.9%
CVE-2024-5692 MEDIUM POC This Month

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Microsoft Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-37161 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metersphere
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5687 MEDIUM POC This Month

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Mozilla Firefox
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-2461 MEDIUM This Month

If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-35212 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-35209 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Sinec Traffic Analyzer
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-30076 MEDIUM PATCH This Month

Windows Container Manager Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
6.8
EPSS
1.7%
CVE-2024-2462 MEDIUM This Month

Allow attackers to intercept or falsify data exchanges between the client and the server. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-35211 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-30063 MEDIUM PATCH This Month

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2024-29060 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable.

Authentication Bypass Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2024-5843 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5840 MEDIUM This Month

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5839 MEDIUM This Month

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28022 MEDIUM This Month

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Foxman Un Unem
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-26330 MEDIUM This Month

An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34820 MEDIUM This Month

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-31399 MEDIUM This Month

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-31400 MEDIUM This Month

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-34691 MEDIUM PATCH This Month

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass SAP S 4 Hana
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-34683 MEDIUM PATCH This Month

An authenticated attacker can upload malicious file to SAP Document Builder service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

SAP File Upload Document Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33001 MEDIUM PATCH This Month

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5090 MEDIUM PATCH This Month

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Siteorigin Widgets Bundle
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4669 MEDIUM PATCH This Month

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Events Addon For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5646 MEDIUM PATCH This Month

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Futurio Extra
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5530 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shoplentor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5584 MEDIUM This Month

The WordPress Online Booking and Scheduling Plugin - Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5531 MEDIUM This Month

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-0627 MEDIUM PATCH This Month

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Custom Field Template
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-6745 MEDIUM PATCH This Month

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Custom Field Template
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5189 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-34826 MEDIUM This Month

Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.6.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-34824 MEDIUM This Month

Missing Authorization vulnerability in ThemeBoy SportsPress - Sports Club & League Manager.7.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sportspress
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-24704 MEDIUM This Month

Missing Authorization vulnerability in AddonMaster Load More Anything.3.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Load More Anything
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-35225 MEDIUM PATCH This Month

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jupyter Server Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5698 MEDIUM This Month

By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5693 MEDIUM This Month

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-34686 MEDIUM PATCH This Month

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SAP Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-34684 MEDIUM PATCH This Month

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-35263 MEDIUM PATCH This Month

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
5.7
EPSS
1.7%
CVE-2024-28023 MEDIUM This Month

A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-4266 MEDIUM PATCH This Month

The MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-4319 MEDIUM This Month

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-35255 MEDIUM PATCH MAL This Month

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Microsoft Authentication Library Azure Identity Sdk
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-30096 MEDIUM PATCH This Month

Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-30067 MEDIUM PATCH This Month

Winlogon Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-30066 MEDIUM PATCH This Month

Winlogon Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-30065 MEDIUM PATCH This Month

Windows Themes Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy