Skip to main content
CVE-2024-38206 MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD
CVSS 3.1
6.5
EPSS
12.3%
CVE-2024-42347 MEDIUM PATCH This Month

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Matrix React Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7564 MEDIUM This Month

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Unified Secops Platform
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2024-7531 MEDIUM This Month

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7529 MEDIUM This Month

The date picker could partially obscure security prompts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-7526 MEDIUM This Month

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-7518 MEDIUM This Month

Select options could obscure the fullscreen notification dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39817 MEDIUM This Month

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40101 MEDIUM PATCH This Month

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-38166 MEDIUM PATCH This Month

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics Crm Service Portal Web Resource
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-43113 MEDIUM This Month

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43112 MEDIUM This Month

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43111 MEDIUM This Month

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41910 MEDIUM This Month

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Poly Clariti Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7524 MEDIUM This Month

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-33994 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33993 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33992 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33991 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33990 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33989 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33988 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33987 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33986 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33985 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33984 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33983 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33982 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33981 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33980 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33979 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33978 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33977 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33976 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33975 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7537 MEDIUM This Month

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Ofono
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-41911 MEDIUM This Month

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Poly Clariti Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7317 MEDIUM PATCH This Month

The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Folders
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6200 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Haloitsm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5708 MEDIUM This Month

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-42400 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42399 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42398 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42397 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Instantos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42396 MEDIUM This Month

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Instantos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6201 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23464 MEDIUM This Month

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-42218 MEDIUM This Month

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Apple Hashicorp 1Password
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-6995 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-7005 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy