Skip to main content
CVE-2024-27180 MEDIUM This Month

An attacker with admin access can install rogue applications. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-27146 MEDIUM This Month

The Toshiba printers do not implement privileges separation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-27163 MEDIUM This Month

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4863 MEDIUM PATCH This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5994 MEDIUM This Month

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Wp Go Maps
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-33373 MEDIUM This Month

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bl W1210M Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-27161 MEDIUM This Month

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-27160 MEDIUM This Month

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-27159 MEDIUM This Month

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-27154 MEDIUM This Month

Passwords are stored in clear-text logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-37888 MEDIUM This Month

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Link
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-23442 MEDIUM This Month

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37182 MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27162 MEDIUM This Month

Toshiba printers provide a web interface that will load the JavaScript file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
21.2%
CVE-2024-27142 MEDIUM This Month

Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-27141 MEDIUM This Month

Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2024-25142 MEDIUM PATCH This Month

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5465 MEDIUM This Month

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36503 MEDIUM This Month

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36502 MEDIUM This Month

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36501 MEDIUM This Month

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36500 MEDIUM This Month

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36499 MEDIUM This Month

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37884 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35040 MEDIUM This Month

Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.26.1.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21988 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Storagegrid
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5961 MEDIUM This Month

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
1.3%
CVE-2024-23504 MEDIUM This Month

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ninja Tables
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31160 MEDIUM This Month

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Master
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-31159 MEDIUM This Month

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Master
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37886 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure User Oidc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-27179 MEDIUM This Month

Admin cookies are written in clear-text in logs. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-37317 MEDIUM PATCH This Month

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Notes
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-37316 MEDIUM PATCH This Month

Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Calendar
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-2023 MEDIUM This Month

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2024-34012 MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cloud Manager
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-27175 MEDIUM This Month

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2023-6492 MEDIUM This Month

The Simple Sitemap - Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0892 MEDIUM This Month

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37883 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-37315 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5469 MEDIUM This Month

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30119 LOW Monitor

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-37887 LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-37314 LOW PATCH Monitor

Nextcloud Photos is a photo management app. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-36287 LOW PATCH Monitor

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Mattermost Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-5464 LOW Monitor

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-30120 LOW Monitor

HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
2.9
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy