Skip to main content
CVE-2024-5648 MEDIUM This Month

The LearnDash LMS - Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37923 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo - Chatbot cliengo allows Cross Site Request Forgery.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-5993 MEDIUM This Month

The Cliengo - Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-39901 MEDIUM PATCH This Month

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Observability
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39900 MEDIUM PATCH This Month

OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Observability
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38971 MEDIUM This Month

vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vaethink
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21730 MEDIUM This Month

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-39595 MEDIUM PATCH This Month

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS SAP Business Warehouse Business Warehouse Virtual Comp
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37172 MEDIUM This Month

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP S4core
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5810 MEDIUM This Month

The WP2Speed Faster - Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-3608 MEDIUM This Month

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6171 MEDIUM PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-4100 MEDIUM This Month

The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-37430 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-22377 MEDIUM This Month

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pingfederate
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40750 MEDIUM This Month

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Mx6200 Firmware Mbe7000 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-28068 MEDIUM This Month

A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100,. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Exynos 9820 Firmware Exynos 9825 Firmware +15
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-39899 MEDIUM PATCH This Month

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-35270 MEDIUM PATCH This Month

Windows iSCSI Service Denial of Service Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-6612 MEDIUM This Month

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39876 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-39875 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-39871 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-5632 MEDIUM This Month

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-37180 MEDIUM PATCH This Month

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure SAP Sap Basis
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-37410 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-37171 MEDIUM This Month

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Saptmui Transportation Management
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-34689 MEDIUM This Month

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Business Workflow Sap Basis
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-38970 MEDIUM This Month

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Vaethink
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-37464 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.3.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Beaver Builder Addons
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-33509 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-37996 MEDIUM This Month

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions <. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-34786 MEDIUM This Month

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-30071 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-26015 MEDIUM This Month

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-6601 MEDIUM This Month

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-39599 MEDIUM PATCH This Month

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Sap Basis
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-34692 MEDIUM This Month

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Enable Now
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-5704 MEDIUM This Month

The XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6167 MEDIUM This Month

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5856 MEDIUM This Month

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5855 MEDIUM This Month

The Media Hygiene: Remove or Delete Unused Images and More!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6168 MEDIUM This Month

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22477 MEDIUM This Month

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Pingfederate
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39897 MEDIUM PATCH This Month

zot is an OCI image registry. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Zot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-21759 MEDIUM This Month

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiportal
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6614 MEDIUM This Month

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-6610 MEDIUM This Month

Form validation popups could capture escape key presses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6608 MEDIUM This Month

It was possible to move the cursor using pointerlock from an iframe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39596 MEDIUM This Month

Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy