Skip to main content
CVE-2024-36501 MEDIUM This Month

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36500 MEDIUM This Month

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36499 MEDIUM This Month

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37884 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35040 MEDIUM This Month

Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.26.1.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21988 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Storagegrid
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5961 MEDIUM This Month

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
1.3%
CVE-2024-23504 MEDIUM This Month

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ninja Tables
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31160 MEDIUM This Month

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Master
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-31159 MEDIUM This Month

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Master
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37886 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure User Oidc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-27179 MEDIUM This Month

Admin cookies are written in clear-text in logs. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-37317 MEDIUM PATCH This Month

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Notes
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-37316 MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Calendar
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-2023 MEDIUM This Month

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2024-34012 MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cloud Manager
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-27175 MEDIUM This Month

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2023-6492 MEDIUM This Month

The Simple Sitemap - Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0892 MEDIUM This Month

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37883 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-37315 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5469 MEDIUM This Month

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy