Skip to main content
CVE-2024-5632 MEDIUM This Month

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-37180 MEDIUM PATCH This Month

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure SAP Sap Basis
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-37410 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-37171 MEDIUM This Month

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Saptmui Transportation Management
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-34689 MEDIUM This Month

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Business Workflow Sap Basis
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-38970 MEDIUM This Month

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Vaethink
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-37464 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.3.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Beaver Builder Addons
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-33509 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-37996 MEDIUM This Month

A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions <. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-34786 MEDIUM This Month

UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-30071 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-26015 MEDIUM This Month

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-6601 MEDIUM This Month

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-39599 MEDIUM PATCH This Month

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Sap Basis
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-34692 MEDIUM This Month

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Enable Now
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-5704 MEDIUM This Month

The XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6167 MEDIUM This Month

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5856 MEDIUM This Month

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5855 MEDIUM This Month

The Media Hygiene: Remove or Delete Unused Images and More!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6168 MEDIUM This Month

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22477 MEDIUM This Month

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Pingfederate
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39897 MEDIUM PATCH This Month

zot is an OCI image registry. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Zot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-21759 MEDIUM This Month

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiportal
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6614 MEDIUM This Month

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-6610 MEDIUM This Month

Form validation popups could capture escape key presses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6608 MEDIUM This Month

It was possible to move the cursor using pointerlock from an iframe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39596 MEDIUM This Month

Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-39600 MEDIUM This Month

Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Microsoft Gui For Windows
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-27361 MEDIUM This Month

A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to. Rated medium severity (CVSS 4.1). No vendor patch available.

Samsung Denial Of Service Exynos 980 Firmware Exynos 990 Firmware Exynos 1080 Firmware +5
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-28067 LOW Monitor

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samsung Exynos Modem 5300 Firmware
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2024-21832 LOW Monitor

A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-35777 LOW Monitor

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.9.2. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-6501 LOW Monitor

A flaw was found in NetworkManager. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-37253 LOW Monitor

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.3.6. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Wp Directory Kit
NVD
CVSS 3.1
2.7
EPSS
0.3%
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy