Skip to main content
CVE-2024-38810 HIGH PATCH This Week

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43688 HIGH This Week

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-7780 HIGH PATCH This Week

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Contact Form Builder
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7702 HIGH PATCH This Week

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Contact Form Builder
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-35214 HIGH This Week

A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system. Rated high severity (CVSS 7.1). No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-8005 MEDIUM PATCH This Month

A vulnerability was found in demozx gf_cms 1.0/1.0.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Gf Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-41773 MEDIUM This Month

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Global Configuration Management
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43409 MEDIUM PATCH This Month

Ghost is a Node.js content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Node.js Ghost
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-25009 MEDIUM This Month

Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ericsson Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7782 MEDIUM PATCH This Month

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal PHP WordPress Contact Form Builder
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-43408 MEDIUM This Month

Discourse Placeholder Forms will let you build dynamic documentation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-40743 MEDIUM This Month

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27186 MEDIUM This Month

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27184 MEDIUM This Month

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6379 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6377 MEDIUM This Month

An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect 3Dexperience
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41697 MEDIUM This Month

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Priority
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7850 MEDIUM This Month

The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6337 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.9
EPSS
0.7%
CVE-2024-43861 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6322 MEDIUM PATCH This Month

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6378 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42335 MEDIUM This Month

7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bot
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7054 MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5576 MEDIUM PATCH This Month

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tutor Lms Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6864 MEDIUM PATCH This Month

The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Last Modified Info
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6575 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Plus Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5763 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Plus Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5941 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7711 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-43376 MEDIUM PATCH This Month

Umbraco is an ASP.NET CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42369 MEDIUM PATCH This Month

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7944 MEDIUM This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Laravel Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5940 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-5939 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-28829 MEDIUM This Month

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2024-7775 MEDIUM PATCH This Month

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form Builder
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43397 MEDIUM PATCH This Month

Apollo is a configuration management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apollo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-43377 MEDIUM PATCH This Month

Umbraco CMS is an ASP.NET CMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38808 MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework Active Iq Unified Manager Oncommand Insight
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy