Skip to main content
CVE-2024-43380 HIGH PATCH This Week

fugit contains time tools for flor and the floraison group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fugit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-44073 HIGH PATCH This Week

The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Miniscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44070 HIGH PATCH This Week

An issue was discovered in FRRouting (FRR) through 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-43256 HIGH This Week

Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.0.36. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-4785 MEDIUM PATCH This Month

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43250 MEDIUM This Month

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.6.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bit Form
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43317 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).0.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43280 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.8.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Salon Booking System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-32928 MEDIUM This Month

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Nest Mini Firmware Libcurl
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-43326 MEDIUM This Month

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43400 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25582 MEDIUM This Month

Module savepoints could be abused to inject references to malicious code delivered through the same domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-43281 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-43272 MEDIUM This Month

Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.1.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6348 MEDIUM This Month

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blind Spot Protection Sensor Ecu Firmware
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-43236 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-43379 LOW PATCH Monitor

TruffleHog is a secrets scanning tool. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Trufflehog
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy