Skip to main content
CVE-2024-39313 MEDIUM PATCH This Month

toy-blog is a headless content management system implementation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Toy Blog
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39879 MEDIUM This Month

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-39878 MEDIUM This Month

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-36996 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6050 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sowa Opac
NVD
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-34696 MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-3122 MEDIUM This Month

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-39314 MEDIUM This Month

toy-blog is a headless content management system implementation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-39428 MEDIUM This Month

In trusty service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39427 MEDIUM This Month

In trusty service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-36989 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38480 MEDIUM This Month

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-36995 LOW Monitor

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy