Skip to main content
CVE-2024-37205 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6645 MEDIUM This Month

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6644 MEDIUM This Month

A vulnerability was found in zmops ArgusDBM up to 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5492 MEDIUM This Month

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6647 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-6150 MEDIUM This Month

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Citrix Provisioning
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-6149 MEDIUM This Month

Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Citrix Workspace
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-27095 MEDIUM PATCH This Month

Decidim is a participatory democracy framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6410 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5677 MEDIUM This Month

The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37147 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-39886 LOW Monitor

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2024-36452 LOW Monitor

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Webmin
NVD
CVSS 3.1
3.1
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy