Skip to main content
CVE-2024-45504 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45286 MEDIUM This Month

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SAP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38270 MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45393 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-38254 MEDIUM PATCH This Month

Windows Authentication Information Disclosure Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2024-45592 MEDIUM PATCH This Month

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Auditor Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7784 MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45279 MEDIUM This Month

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42378 MEDIUM This Month

Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21753 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Fortinet Forticlient Endpoint Management Server
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2024-37991 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-8258 LOW POC Monitor

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Apple Logi Options
NVD GitHub
CVSS 4.0
2.0
EPSS
0.4%
CVE-2024-42424 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Rack Firmware 7920 Xl Rack Firmware
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-45283 MEDIUM This Month

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-25074 MEDIUM This Month

An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Denial Of Service Exynos 9820 Firmware Exynos 9825 Firmware Exynos 980 Firmware +13
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-25073 MEDIUM This Month

An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Exynos 1080 Firmware Exynos 1280 Firmware +14
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-37992 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-21528 MEDIUM This Month

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-45281 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-7698 MEDIUM This Month

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-44072 MEDIUM This Month

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-38256 MEDIUM PATCH This Month

Windows Kernel-Mode Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +6
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-8645 MEDIUM This Month

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42425 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Firmware 7920 Xl Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43476 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-6282 MEDIUM PATCH This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Master Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8543 MEDIUM This Month

The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Slider Comparison Image Before And After
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8241 MEDIUM PATCH This Month

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Nova Blocks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45285 MEDIUM This Month

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service SAP
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44117 MEDIUM This Month

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42371 MEDIUM This Month

The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45597 MEDIUM PATCH This Month

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pluto
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8320 MEDIUM This Month

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Endpoint Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-8369 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventprime
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42345 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Sinema Remote Connect Server
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-37994 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-32006 MEDIUM This Month

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sinema Remote Connect Client
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-7734 MEDIUM This Month

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-42344 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.

Information Disclosure Sinema Remote Connect Client
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-7655 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Peepso
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7618 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Peepso
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45280 MEDIUM This Month

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43800 MEDIUM PATCH This Month

serve-static serves static files. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Serve Static
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-43799 MEDIUM PATCH This Month

Send is a library for streaming files from the file system as a http response. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Send
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-43796 MEDIUM PATCH This Month

Express.js minimalist web framework for node. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Express
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-44120 MEDIUM This Month

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-35282 MEDIUM This Month

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-6876 MEDIUM This Month

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oscat Basic Library
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-39582 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39574 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy