Skip to main content
CVE-2024-7604 HIGH This Week

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Unified Secops Platform
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6812 HIGH This Week

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview Wsq
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-6811 HIGH This Week

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview Wsq
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-37008 HIGH This Week

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7013 HIGH This Week

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43873 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29929 HIGH This Week

Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-43022 HIGH This Week

An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-20375 HIGH This Week

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Memory Corruption Unified Communications Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-7885 HIGH PATCH This Week

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Build Of Apache Camel Hawtio Build Of Apache Camel For Spring Boot Build Of Keycloak +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-38305 HIGH This Week

Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-7134 HIGH This Week

The LiquidPoll - Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-43881 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-43878 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Debian Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-43877 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-43882 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is. Rated high severity (CVSS 7.0).

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-7090 MEDIUM This Month

The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2024-7032 MEDIUM This Month

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Smart Online Order For Clover
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7602 MEDIUM This Month

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Unified Secops Platform
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2024-43371 MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7647 MEDIUM This Month

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Ota Sync Booking Engine Widget
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41572 MEDIUM This Month

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Learning With Texts
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20488 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41937 MEDIUM PATCH This Month

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2024-43407 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Ckeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41675 MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckan
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6339 MEDIUM This Month

The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Phlox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7651 MEDIUM PATCH This Month

The App Builder - Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Google SQLi Apple WordPress App Builder
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-43879 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-43871 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-6767 MEDIUM This Month

The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-43880 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43876 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Avoid large backtrace, it is sufficient to warn the user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43875 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus():. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43874 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43872 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43870 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43869 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43868 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must be word-aligned in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43867 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43865 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state() With the recent rewrite of the fpu code exception handling for the lfpc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43864 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43863 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43862 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-42550 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7629 MEDIUM This Month

The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Responsive Video
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7390 MEDIUM This Month

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Testimonial Widget
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41674 MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckan
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6568 MEDIUM This Month

The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8022 MEDIUM This Month

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy