Skip to main content
CVE-2024-39693 HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37115 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.0.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-37110 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.26.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6421 HIGH This Week

An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Oit700 F113 B12 Cb Firmware Oit500 F113 B12 Cb Firmware Oit200 F113 B12 Cb Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21526 HIGH This Week

All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21523 HIGH This Week

All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21522 HIGH This Week

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21521 HIGH This Week

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6433 HIGH This Week

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-5491 HIGH This Week

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
7.2
EPSS
0.8%
CVE-2024-39560 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39558 HIGH This Week

An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39557 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39556 HIGH This Week

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a. Rated high severity (CVSS 7.1). No vendor patch available.

Juniper Buffer Overflow Stack Overflow RCE Denial Of Service +2
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-39517 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated,. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-39514 HIGH This Week

An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-6236 HIGH This Week

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Citrix Denial Of Service Netscaler Agent Netscaler Console +1
NVD
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-32469 HIGH PATCH This Week

Decidim is a participatory democracy framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-39512 HIGH This Week

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-5911 HIGH This Week

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto File Upload Pan Os
NVD
CVSS 4.0
7.0
EPSS
0.6%
CVE-2024-39492 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown The return value of pm_runtime_get_sync() in. Rated high severity (CVSS 7.0).

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-32670 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Samsung
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-39561 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-5178 MEDIUM This Month

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
33.6%
CVE-2023-6813 MEDIUM PATCH This Month

The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2024-39513 MEDIUM This Month

An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-39511 MEDIUM This Month

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-25076 MEDIUM This Month

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-5913 MEDIUM This Month

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-5912 MEDIUM This Month

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Paloalto
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-40412 MEDIUM This Month

Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-20456 MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-40417 MEDIUM This Month

A vulnerability was found in Tenda AX1806 1.0.0.1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4866 MEDIUM This Month

The UltraAddons - Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultraaddons
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-5664 MEDIUM PATCH This Month

The MP3 Audio Player - Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Mp3 Audio Player For Music Radio Podcast
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-39490 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-36453 MEDIUM This Month

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usermin Webmin
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-39493 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-39489 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-39491 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39488 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25023 MEDIUM This Month

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-6550 MEDIUM This Month

The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-6556 MEDIUM This Month

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-36450 MEDIUM This Month

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37270 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in TrustedLogin TrustedLogin Vendor vendor.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6148 MEDIUM PATCH This Month

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Citrix Workspace
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-27090 MEDIUM PATCH This Month

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-37504 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-37498 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database - Tablesome.0.33. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy