Skip to main content
CVE-2024-6384 MEDIUM This Month

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass MongoDB
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38760 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38756 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38742 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41941 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-7715 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
25.1%
CVE-2024-39591 MEDIUM This Month

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Document Builder
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41733 MEDIUM This Month

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41938 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sinec Nms
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-39922 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-41737 MEDIUM This Month

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Crm Abap Insights Management
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2023-31339 MEDIUM This Month

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Trusted Firmware A
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-41774 MEDIUM This Month

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Common Licensing
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-38123 MEDIUM PATCH This Month

Windows Bluetooth Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 11 24h2
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2024-41734 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42377 MEDIUM This Month

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Shared Service Framework
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-42375 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-41736 MEDIUM This Month

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Permit To Work
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-41731 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-28166 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38143 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
4.2
EPSS
1.7%
CVE-2024-7388 MEDIUM This Month

The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.0
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy