Skip to main content
CVE-2024-7986 MEDIUM This Month

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rockwell Thinmanager
NVD
CVSS 4.0
6.8
EPSS
0.6%
CVE-2024-42364 MEDIUM This Month

Homepage is a highly customizable homepage with Docker and service API integrations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Homepage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38207 MEDIUM PATCH This Month

Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Buffer Overflow Microsoft Memory Corruption Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-38807 MEDIUM PATCH This Month

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Java
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-37392 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smseagle
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43794 MEDIUM This Month

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-41150 MEDIUM This Month

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-41878 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41877 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41876 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41875 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41848 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41847 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41846 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41845 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41844 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41843 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41841 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42766 MEDIUM This Month

Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38869 MEDIUM This Month

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.3.2416.04 and before 11.3.2400.25. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Microsoft Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-5502 MEDIUM PATCH This Month

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Piotnet Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7428 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.11, 2023.05, 23.4, 24.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-7427 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).11,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-41842 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-43105 MEDIUM PATCH This Month

Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once.

Denial Of Service Channel Export
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-43031 MEDIUM This Month

autMan v2.9.6 was discovered to contain an access control issue. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Autman
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43032 MEDIUM This Month

autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Autman
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-41849 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy