Skip to main content
CVE-2024-4260 MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Coblocks
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6231 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Request A Quote
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-41665 MEDIUM POC This Month

Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ampache
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1575 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Nwa50Ax Firmware Nwa50Ax Pro Firmware Nwa55Axe Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41012 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-39702 MEDIUM PATCH This Month

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Openresty
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-41836 MEDIUM This Month

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41656 MEDIUM PATCH This Month

Sentry is an error tracking and performance monitoring platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sentry
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-41664 MEDIUM This Month

Canarytokens help track activity and actions on a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Docker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-34128 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6783 MEDIUM This Month

A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD HeroDevs GitHub
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy