Skip to main content
CVE-2024-5500 MEDIUM POC This Month

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2884 MEDIUM POC This Month

Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-40503 MEDIUM POC This Month

An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Ax12 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-39036 MEDIUM POC This Month

SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-3175 MEDIUM POC This Month

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-40626 MEDIUM POC This Month

Outline is an open source, collaborative document editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Outline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-40536 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6336 MEDIUM This Month

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-5816 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-5815 MEDIUM This Month

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Enterprise Server
NVD GitHub
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-3232 MEDIUM This Month

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Identity Exposure
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-21177 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Mysql Cluster Mysql Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-21171 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-21169 MEDIUM This Month

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21168 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5795 MEDIUM This Month

A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5566 MEDIUM This Month

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4780 MEDIUM This Month

The Image Hover Effects - Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eihe_link’ parameter in all versions up to, and including, 1.4.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-3587 MEDIUM PATCH This Month

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Auxinportfolio
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2691 MEDIUM PATCH This Month

The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Event Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-21158 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-21170 MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Denial Of Service Oracle Mysql Connector Python
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-6395 MEDIUM This Month

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Enterprise Server
NVD GitHub
CVSS 4.0
6.3
EPSS
0.5%
CVE-2024-21188 MEDIUM This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Financial Services Revenue Management And Billing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21178 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21150 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21133 MEDIUM This Month

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Reports Developer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6325 MEDIUM This Month

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rockwell Factorytalk Policy Manager
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-21166 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle MySQL
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-5817 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.9
EPSS
0.5%
CVE-2024-21126 MEDIUM This Month

Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2022-48829 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-48828 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-21163 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-21161 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-3779 MEDIUM This Month

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Denial Of Service Internet Security Nod32 +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41008 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6570 MEDIUM This Month

The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6565 MEDIUM This Month

The AForms - Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6557 MEDIUM This Month

The SchedulePress - Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-21139 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21132 MEDIUM This Month

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Purchasing
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21128 MEDIUM This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: APIs). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Application Object Library
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21122 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Oracle Peoplesoft Enterprise Hcm Shared Components
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6559 MEDIUM This Month

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21176 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-21143 MEDIUM This Month

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oracle Istore
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21185 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21179 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-21173 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy