Skip to main content
CVE-2024-5922 MEDIUM This Month

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5424 MEDIUM This Month

The Gallery Blocks with Lightbox. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-35137 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker Security Access Manager
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-39828 MEDIUM This Month

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3801 MEDIUM This Month

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S M Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3800 MEDIUM This Month

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S M Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-30109 MEDIUM This Month

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dryice Aex
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25053 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Analytics
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-39347 MEDIUM This Month

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-35139 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Access Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37137 MEDIUM This Month

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Cloudlink
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-2795 MEDIUM This Month

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-5863 MEDIUM This Month

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-25041 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-39352 MEDIUM This Month

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-6288 MEDIUM This Month

The Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS Google
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-38518 MEDIUM This Month

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-5864 MEDIUM This Month

The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-39302 LOW Monitor

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2024-38531 LOW Monitor

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. Rated low severity (CVSS 3.6). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.6
EPSS
0.1%
CVE-2024-39307 LOW Monitor

Kavita is a cross platform reading server. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2024-3995 LOW Monitor

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Rated low severity (CVSS 2.0). No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 4.0
2.0
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy