Skip to main content
CVE-2024-43165 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.3.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-39642 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.2.6.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38752 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42376 MEDIUM This Month

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Shared Service Framework
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2259 MEDIUM This Month

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
6.4
EPSS
0.5%
CVE-2024-41906 MEDIUM This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-33005 MEDIUM This Month

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Abap Netweaver Java Content Server +1
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-38501 MEDIUM This Month

An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icdm Rx Tcp Socketserver Firmware Profinet Firmware Profinet Modbus Firmware Modbus Router Firmware +4
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41681 MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Location Intelligence
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-3913 MEDIUM This Month

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Information Disclosure Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-21981 MEDIUM This Month

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys,. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass RCE Amd
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-38155 MEDIUM PATCH This Month

Security Center Broker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-38151 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-38122 MEDIUM PATCH This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-38118 MEDIUM PATCH This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-36505 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6079 MEDIUM This Month

A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. Rated medium severity (CVSS 5.4). No vendor patch available.

RCE Rockwell
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-7247 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-7092 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Essential Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-42373 MEDIUM This Month

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Student Life Cycle Management
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41735 MEDIUM This Month

SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Commerce Backoffice
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41732 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6384 MEDIUM This Month

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass MongoDB
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38760 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38756 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38742 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41941 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinec Nms
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-7715 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
25.1%
CVE-2024-39591 MEDIUM This Month

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Document Builder
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41733 MEDIUM This Month

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41938 MEDIUM This Month

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sinec Nms
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-39922 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-41737 MEDIUM This Month

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Crm Abap Insights Management
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2023-31339 MEDIUM This Month

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Trusted Firmware A
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-41774 MEDIUM This Month

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Common Licensing
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-38123 MEDIUM PATCH This Month

Windows Bluetooth Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 11 24h2
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2024-41734 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42377 MEDIUM This Month

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Shared Service Framework
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-42375 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-41736 MEDIUM This Month

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Permit To Work
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-41731 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-28166 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38143 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
4.2
EPSS
1.7%
CVE-2024-7388 MEDIUM This Month

The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-41907 LOW Monitor

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
2.1
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy