Skip to main content
CVE-2024-37183 MEDIUM This Month

Plain text credentials and session ID can be captured with a network sniffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-6183 MEDIUM This Month

A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ez Partner
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-6154 MEDIUM This Month

Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-4742 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-4390 MEDIUM This Month

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Depicter
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3204 MEDIUM PATCH This Month

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Materialis
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38359 MEDIUM PATCH This Month

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-29013 MEDIUM This Month

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5036 MEDIUM PATCH This Month

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sina Extension For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4626 MEDIUM This Month

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Jetwidgets For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5686 MEDIUM This Month

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpzoom Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1168 MEDIUM This Month

The SEOPress - On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Seopress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5156 MEDIUM This Month

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-36071 MEDIUM This Month

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Samsung Microsoft Magician
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-33335 MEDIUM This Month

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE SQLi
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-30848 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37222 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Master Slider
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38619 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-38620 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3627 MEDIUM This Month

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Wheel Of Life
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-37897 MEDIUM PATCH This Month

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37345 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37343 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34693 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-37346 MEDIUM This Month

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Access
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-6179 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6177 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6176 MEDIUM This Month

Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-38082 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-37350 MEDIUM This Month

There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-3602 MEDIUM This Month

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers - Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38093 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-37352 LOW Monitor

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-37351 LOW Monitor

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-37349 LOW Monitor

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-37348 LOW Monitor

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-37347 LOW Monitor

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-37344 LOW Monitor

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy