Skip to main content
CVE-2024-36443 HIGH This Week

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-42490 HIGH PATCH This Week

authentik is an open-source Identity Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39745 HIGH This Week

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-8071 HIGH PATCH This Week

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-7634 MEDIUM This Month

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nginx Nginx Agent Nginx Instance Manager
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-36440 MEDIUM This Month

An issue was discovered on Swissphone DiCal-RED 4009 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-8041 MEDIUM This Month

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6502 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7848 MEDIUM PATCH This Month

The User Private Files - WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress User Private Files
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35151 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages Grc Platform Openpages With Watson
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-39836 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42056 MEDIUM This Month

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Retool
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7110 MEDIUM This Month

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-38208 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-39746 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-36441 MEDIUM This Month

Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7778 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6870 MEDIUM PATCH This Month

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Responsive Lightbox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5583 MEDIUM This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS The Plus Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8075 MEDIUM This Month

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2024-42411 MEDIUM This Month

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-45165 MEDIUM This Month

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Idol2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-42497 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-39810 MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Mattermost Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-43780 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-39744 MEDIUM This Month

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Sterling Connect Direct Web Services
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43813 MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7836 MEDIUM This Month

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-32939 LOW PATCH Monitor

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-40884 LOW PATCH Monitor

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2024-43785 LOW Monitor

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
2.5
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy