Skip to main content
CVE-2024-38273 MEDIUM PATCH This Month

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-38507 MEDIUM This Month

In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-5541 MEDIUM This Month

The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Ibtana
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-38504 MEDIUM This Month

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0066 MEDIUM This Month

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6083 MEDIUM This Month

A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Phpvibe
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5860 MEDIUM This Month

The Tickera - WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Tickera
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5967 LOW PATCH Monitor

A vulnerability was found in Keycloak. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2024-5899 LOW Monitor

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. Rated low severity (CVSS 1.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Bazel For Android Studio Bazel For Clion Bazel For Intellij
NVD GitHub
CVSS 4.0
1.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy