Skip to main content
CVE-2024-6312 MEDIUM This Month

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.7% and no vendor patch available.

RCE Path Traversal WordPress PHP Funnelforms Free
NVD
CVSS 3.1
6.5
EPSS
25.7%
CVE-2024-45048 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-45057 MEDIUM POC PATCH This Month

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS I Educar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42900 MEDIUM POC This Month

Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44915 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44914 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44913 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45046 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45043 MEDIUM POC PATCH This Month

The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39771 MEDIUM This Month

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Qbic Cloud Cc 2 2L Firmware Safie One Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-45054 MEDIUM PATCH This Month

Hwameistor is an HA local storage system for cloud-native stateful workloads. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Information Disclosure Hwameistor
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-20413 MEDIUM This Month

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20411 MEDIUM This Month

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-7744 MEDIUM This Month

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-43805 MEDIUM PATCH This Month

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jupyterlab Notebook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44943 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing try_grab_folio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4554 MEDIUM This Month

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.0.4.1 and 5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netiq Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41565 MEDIUM PATCH This Month

JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Justenoughitems
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41564 MEDIUM This Month

EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42698 MEDIUM PATCH This Month

Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Roughlyenoughitems
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8195 MEDIUM PATCH This Month

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Information Disclosure Permalink Manager Lite
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7447 MEDIUM PATCH This Month

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Funnelforms Free
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6450 MEDIUM This Month

HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Geoportal Toolkit
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-6449 MEDIUM This Month

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cors Misconfiguration Geoportal Toolkit
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6448 MEDIUM PATCH This Month

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Mollie Payments For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7573 MEDIUM This Month

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-20289 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-6053 MEDIUM This Month

Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Teamviewer
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-20279 MEDIUM This Month

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy