Skip to main content
CVE-2024-5402 MEDIUM This Month

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Mint Workbench
NVD
CVSS 4.0
6.2
EPSS
0.2%
CVE-2024-40627 MEDIUM PATCH This Month

Fastapi OPA is an opensource fastapi middleware which includes auth flow. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-39827 MEDIUM This Month

Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Workplace Desktop
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4224 MEDIUM This Month

An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6742 MEDIUM This Month

AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Space Management System
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39735 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39728 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39912 MEDIUM PATCH This Month

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40555 MEDIUM This Month

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Tmall Demo
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-38495 MEDIUM This Month

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-36457 MEDIUM This Month

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-6398 MEDIUM This Month

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-32945 MEDIUM This Month

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6540 MEDIUM This Month

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6738 MEDIUM This Month

The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tronclass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39741 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-39740 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39737 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38496 MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-36458 MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-39820 MEDIUM This Month

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Workplace Desktop
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-38360 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-40553 MEDIUM This Month

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Tmall Demo
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-39821 MEDIUM This Month

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Microsoft Rooms Workplace Desktop
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-40630 MEDIUM This Month

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39918 MEDIUM PATCH This Month

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-39729 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39739 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37386 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-31946 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-40632 LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-41007 LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-39919 LOW PATCH Monitor

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy