Skip to main content
CVE-2024-6638 MEDIUM This Month

An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Labview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6122 MEDIUM This Month

An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Systemlink Flexlogger
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41825 MEDIUM This Month

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38503 MEDIUM PATCH This Month

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Syncope
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-37244 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.4.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ninja Beaver Add Ons For Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37223 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Restaurant Food
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37221 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kimili Flash Embed
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37219 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich - Front-End Page Builder allows Stored XSS.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Builder Sandwich
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37217 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Empty Cart Button For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37216 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sketchfab Embed
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37215 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider - Responsive Image Slider and Gallery allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Transition Slider
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37116 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sinatra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37101 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS.6.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Post Author
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37100 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elegant Themes Icons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-33933 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor - Header, Footer & Blocks Template allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor Header Footer Blocks Template
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37445 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.2.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Html5 Audio Player
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37428 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS All In One Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37414 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Depicter
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37278 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder.1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cards For Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37265 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.60. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ideapush
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37263 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enter Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37246 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery Slideshow
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41880 MEDIUM This Month

In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-37380 MEDIUM This Month

A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubiquiti
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2024-6970 MEDIUM This Month

A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-41826 MEDIUM This Month

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37122 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.3.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Accordions
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37121 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.2.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shortcode Addons
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37120 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.0.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Responsive Tabs
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-41709 MEDIUM PATCH This Month

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-41129 MEDIUM PATCH This Month

The ops library is a Python framework for developing and testing Kubernetes and machine charms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-40075 MEDIUM This Month

Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-39902 MEDIUM PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy