Skip to main content
CVE-2024-38433 MEDIUM This Month

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Npcm750R Firmware Npcm710R Firmware Npcm730R Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-39317 MEDIUM PATCH GHSA This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Wagtail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6256 MEDIUM PATCH This Month

The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Feeds For Youtube
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-6485 MEDIUM This Month

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD HeroDevs
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-39532 MEDIUM This Month

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-23317 MEDIUM This Month

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-6528 MEDIUM This Month

Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Modicon M241 Firmware Modicon M251 Firmware Modicon M258 Firmware Modicon M262 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39539 MEDIUM This Month

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-39536 MEDIUM This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-39528 MEDIUM This Month

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos +1
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-5680 MEDIUM This Month

call in the Foxboro.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Foxboro Dcs Control Core Services
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-6392 MEDIUM PATCH This Month

The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Sirv
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-6554 MEDIUM PATCH This Month

The Branda - White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Branda
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-0619 MEDIUM This Month

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Payment Gateway
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6210 MEDIUM This Month

The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6681 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi My Springsecurity Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6680 MEDIUM This Month

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi My Springsecurity Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-39905 MEDIUM PATCH This Month

Red is a fully modular Discord bot. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6679 MEDIUM This Month

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi My Springsecurity Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6676 MEDIUM This Month

A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi My Springsecurity Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-23485 MEDIUM This Month

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-23194 LOW Monitor

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-5470 LOW Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-5257 LOW Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2024-2880 LOW Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy