Skip to main content
CVE-2024-41952 MEDIUM PATCH This Month

Zitadel is an open source identity management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-2508 MEDIUM This Month

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39945 MEDIUM This Month

A vulnerability has been found in Dahua products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-39694 MEDIUM PATCH This Month

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-3082 MEDIUM This Month

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sensor Net Connect Firmware V2
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-31200 MEDIUM This Month

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sensor Net Connect Firmware V2
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-41951 MEDIUM PATCH This Month

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-37135 MEDIUM This Month

DM5500 5.16.0.0, contains an information disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dm5500 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-37898 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy