Skip to main content
CVE-2024-2455 MEDIUM This Month

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Element Pack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7302 MEDIUM PATCH This Month

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Blog2Social
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5330 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Breakdance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41948 MEDIUM PATCH This Month

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Biscuit Java
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-39629 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.3.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Himalayas
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-39627 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.59.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextgen Gallery
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-39648 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-5678 MEDIUM This Month

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD
CVSS 3.1
4.7
EPSS
2.5%
CVE-2024-4353 MEDIUM PATCH This Month

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

XSS Concrete Cms
NVD GitHub
CVSS 4.0
4.6
EPSS
0.3%
CVE-2024-38490 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-38489 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-38481 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25948 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25947 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-41926 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-41162 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-39839 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-29977 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-5331 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Breakdance
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy