Skip to main content
CVE-2024-45285 MEDIUM This Month

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service SAP
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44117 MEDIUM This Month

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42371 MEDIUM This Month

The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45597 MEDIUM PATCH This Month

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pluto
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8320 MEDIUM This Month

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Endpoint Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-8369 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventprime
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42345 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-37994 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-32006 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinema Remote Connect Client
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-7734 MEDIUM This Month

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-42344 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.

Information Disclosure Sinema Remote Connect Client
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-7655 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Peepso
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7618 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Peepso
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45280 MEDIUM This Month

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43800 MEDIUM PATCH This Month

serve-static serves static files. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Serve Static
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-43799 MEDIUM PATCH This Month

Send is a library for streaming files from the file system as a http response. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Send
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-43796 MEDIUM PATCH This Month

Express.js minimalist web framework for node. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Express
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-44120 MEDIUM This Month

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-35282 MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-6876 MEDIUM This Month

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oscat Basic Library
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-39582 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39574 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-37342 MEDIUM PATCH This Month

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 +3
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2024-37337 MEDIUM PATCH This Month

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2024-27257 MEDIUM This Month

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Openpages Grc Platform Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-44121 MEDIUM This Month

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-0067 MEDIUM This Month

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-44112 MEDIUM PATCH This Month

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Oil Gas
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-44116 MEDIUM This Month

The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-44115 MEDIUM This Month

The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-44113 MEDIUM This Month

Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42380 MEDIUM This Month

The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-41729 MEDIUM This Month

Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy