Skip to main content
CVE-2024-33981 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33980 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33979 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33978 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33977 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33976 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33975 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7537 MEDIUM This Month

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Ofono
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-41911 MEDIUM This Month

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Poly Clariti Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7317 MEDIUM PATCH This Month

The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Folders
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6200 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Haloitsm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5708 MEDIUM This Month

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-42400 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42399 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42398 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42397 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Instantos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42396 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Instantos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6201 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23464 MEDIUM This Month

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-42218 MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp 1Password
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-6995 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-7005 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7004 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7003 MEDIUM This Month

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7001 MEDIUM This Month

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39751 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy