Skip to main content
CVE-2024-20896 MEDIUM This Month

Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20895 MEDIUM This Month

Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-5545 MEDIUM PATCH This Month

The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6099 MEDIUM PATCH This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Learnpress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-39325 MEDIUM PATCH This Month

aimeos/ai-controller-frontend is the Aimeos frontend controller. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aimeos Frontend Controller
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6381 MEDIUM This Month

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libbson
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39891 MEDIUM KEV THREAT This Month

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Authy Authy Authenticator
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2024-6441 MEDIUM This Month

A vulnerability was found in ORIPA up to 1.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-34601 MEDIUM This Month

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-39326 MEDIUM This Month

SkillTree is a micro-learning gamification platform. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

CSRF File Upload
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-6012 MEDIUM PATCH This Month

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Cost Calculator Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5866 MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-34592 MEDIUM This Month

Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-34591 MEDIUM This Month

Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-34590 MEDIUM This Month

Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-20894 MEDIUM This Month

Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-20889 MEDIUM This Month

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy