Skip to main content
CVE-2024-4105 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS and CI Server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-29954 MEDIUM This Month

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-38527 MEDIUM PATCH This Month

ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25637 MEDIUM PATCH This Month

October is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38520 MEDIUM This Month

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-38375 MEDIUM PATCH This Month

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Information Disclosure Memory Corruption
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-4106 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS and CI Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34580 MEDIUM This Month

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SSRF Apache
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-29173 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-28973 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-24764 MEDIUM PATCH This Month

October is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Open Redirect October
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-29174 MEDIUM This Month

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Data Domain Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-27867 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Airpods Firmware Powerbeats Firmware Airpods Pro Firmware Beats Fit Pro Firmware +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37571 MEDIUM This Month

Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39460 MEDIUM PATCH This Month

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bitbucket Branch Source
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-39459 MEDIUM PATCH This Month

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Plain Credentials
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-29953 MEDIUM This Month

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23765 MEDIUM This Month

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-21520 LOW PATCH Monitor

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS
NVD GitHub
CVSS 4.0
2.1
EPSS
8.6%
CVE-2024-37141 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect Dell Data Domain Operating System
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-39458 LOW PATCH Monitor

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Structs
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-28830 LOW Monitor

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-29177 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-38364 LOW PATCH Monitor

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
2.6
EPSS
0.4%
CVE-2024-6344 LOW Monitor

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zkbiosecurity V5000
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy