Skip to main content
CVE-2024-39594 MEDIUM PATCH This Month

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Business Warehouse Business Warehouse Virtual Comp
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37174 MEDIUM This Month

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37173 MEDIUM This Month

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-34685 MEDIUM This Month

Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Knowledge Management And Collaboration Kmc Cm
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27363 MEDIUM This Month

A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-5631 MEDIUM This Month

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-37865 MEDIUM This Month

An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure S3 Browser
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-38099 MEDIUM PATCH This Month

Windows Remote Desktop Licensing Service Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2024-39593 MEDIUM This Month

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Landscape Management
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-37437 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.22.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-39328 MEDIUM This Month

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39072 MEDIUM This Month

AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Hibos
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-34721 MEDIUM PATCH This Month

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-31314 MEDIUM PATCH This Month

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-31312 MEDIUM PATCH This Month

In multiple locations, there is a possible information leak due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34140 MEDIUM This Month

Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Bridge
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5652 MEDIUM This Month

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Docker Denial Of Service Microsoft Desktop
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-38056 MEDIUM PATCH This Month

Microsoft Windows Codecs Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-38055 MEDIUM PATCH This Month

Microsoft Windows Codecs Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-38041 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
5.5
EPSS
2.2%
CVE-2024-38017 MEDIUM PATCH This Month

Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-6613 MEDIUM This Month

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37442 MEDIUM This Month

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.7.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Photo Gallery
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-37502 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Deserialization
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3228 MEDIUM PATCH This Month

The Social Sharing Plugin - Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Kiwi Social Share
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-4102 MEDIUM This Month

The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5600 MEDIUM This Month

The SCSS Happy Compiler - Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-5648 MEDIUM This Month

The LearnDash LMS - Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37923 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo - Chatbot cliengo allows Cross Site Request Forgery.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-5993 MEDIUM This Month

The Cliengo - Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-39901 MEDIUM PATCH This Month

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Observability
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39900 MEDIUM PATCH This Month

OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Observability
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38971 MEDIUM This Month

vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vaethink
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21730 MEDIUM This Month

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-39595 MEDIUM PATCH This Month

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS SAP Business Warehouse Business Warehouse Virtual Comp
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37172 MEDIUM This Month

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP S4core
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5810 MEDIUM This Month

The WP2Speed Faster - Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-3608 MEDIUM This Month

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6171 MEDIUM PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-4100 MEDIUM This Month

The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-37430 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-22377 MEDIUM This Month

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pingfederate
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40750 MEDIUM This Month

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Mx6200 Firmware Mbe7000 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-28068 MEDIUM This Month

A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100,. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Exynos 9820 Firmware Exynos 9825 Firmware +15
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-39899 MEDIUM PATCH This Month

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-35270 MEDIUM PATCH This Month

Windows iSCSI Service Denial of Service Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-6612 MEDIUM This Month

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39876 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-39875 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-39871 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy