Skip to main content
CVE-2024-8325 MEDIUM PATCH This Month

The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites - Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Blockspare
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7077 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Semtek Sempos
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8410 MEDIUM This Month

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Abcd
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-8409 MEDIUM This Month

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Abcd
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-34659 MEDIUM This Month

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Group Sharing
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-45003 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-44954 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-34653 MEDIUM This Month

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-34645 MEDIUM This Month

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34642 MEDIUM This Month

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-34639 MEDIUM This Month

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-41927 MEDIUM This Month

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kit Fc6A 24 Kc Firmware Kit Fc6A 24 Pc Firmware Kit Fc6A 24 Ra Firmware Kit Fc6A 24 Ra Hg1G Firmware +87
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20497 MEDIUM This Month

A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Expressway E
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8121 MEDIUM PATCH This Month

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Extended
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-34661 MEDIUM This Month

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Assistant
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-34652 LOW Monitor

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34650 LOW Monitor

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34641 LOW Monitor

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34640 LOW Monitor

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-34649 LOW Monitor

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy