Skip to main content
CVE-2024-38888 MEDIUM This Month

An issue in Horizon Business Services Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-7323 MEDIUM This Month

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easyflow Net
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-40719 MEDIUM This Month

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4643 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7204 MEDIUM This Month

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qbibot
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6704 MEDIUM PATCH This Month

The Comments - wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpdiscuz
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-39396 MEDIUM This Month

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6567 MEDIUM This Month

The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Ebook Store
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-41519 MEDIUM This Month

Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Feripro
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3827 MEDIUM This Month

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Spectra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41517 MEDIUM This Month

An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Feripro
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-7319 MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-27182 MEDIUM PATCH This Month

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Apache Linkis
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-40723 MEDIUM This Month

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Microsoft Hwatai Servisign
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-40722 MEDIUM This Month

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Microsoft Tcb Servisign
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-22278 MEDIUM PATCH This Month

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy