Skip to main content
CVE-2024-47227 MEDIUM PATCH This Month

iRedAdmin before 2.6 allows XSS, e.g., via order_name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Iredadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39341 MEDIUM This Month

Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-46544 MEDIUM This Month

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Tomcat Apache Information Disclosure Denial Of Service +3
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-8770 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD GitHub
CVSS 4.0
5.8
EPSS
0.4%
CVE-2023-46948 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8758 MEDIUM This Month

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8903 MEDIUM This Month

Local active protection service settings manipulation due to unnecessary privileges assignment. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Apple Microsoft
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2024-45453 LOW Monitor

Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect jf3-maintenance-mode.0.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy