Skip to main content
CVE-2024-45372 MEDIUM This Month

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mzk Dp300N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-47075 MEDIUM PATCH This Month

LayUI is a native minimalist modular Web UI component library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Layui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8872 MEDIUM PATCH This Month

The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress XSS Store Hours For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45836 MEDIUM This Month

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cs Qr10 Firmware Cs Qr20 Firmware Cs Qr22 Firmware Cs Qr220 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8803 MEDIUM PATCH This Month

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Bulk Noindex Nofollow Toolkit
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-47127 MEDIUM This Month

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47123 MEDIUM This Month

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47121 MEDIUM This Month

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-45374 MEDIUM This Month

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-43108 MEDIUM This Month

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Gotenna
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-41722 MEDIUM This Month

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47174 MEDIUM This Month

Nix is a package manager for Linux and other Unix systems. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-46327 MEDIUM This Month

An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Vap11G 300 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-8405 MEDIUM This Month

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Denial Of Service Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-9177 MEDIUM PATCH This Month

The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Toolbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8725 MEDIUM PATCH This Month

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload Advanced File Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9198 MEDIUM This Month

Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Clibo Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9173 MEDIUM This Month

The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Gf Custom Style
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9127 MEDIUM This Month

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Super Testimonials
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9125 MEDIUM This Month

The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS King Ie
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9117 MEDIUM This Month

The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Mapplic
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9115 MEDIUM This Month

The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Common Tools For Site
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8861 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45843 MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mattermost Oracle Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-42406 MEDIUM This Month

Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8723 MEDIUM This Month

The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS 012 Ps Multi Languages
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4099 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Code Injection
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47129 MEDIUM This Month

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Gotenna Pro
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-47128 MEDIUM This Month

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-43814 MEDIUM This Month

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-41931 MEDIUM This Month

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-41715 MEDIUM This Month

The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Atak Plugin
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-39319 MEDIUM PATCH This Month

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Aimeos Frontend Controller
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9025 MEDIUM PATCH This Month

The Sight - Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Sight
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-47044 MEDIUM This Month

Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8118 MEDIUM This Month

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Grafana
NVD
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-47122 MEDIUM This Month

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-43694 MEDIUM This Month

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Atak Plugin
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-7259 MEDIUM This Month

A flaw was found in oVirt. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-8633 MEDIUM PATCH This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Form Maker
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45042 MEDIUM PATCH This Month

Ory Kratos is an identity, user management and authentication system for cloud services. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-47337 MEDIUM This Month

Missing Authorization vulnerability in Phillip Dane Joy Of Text Lite joy-of-text.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8974 MEDIUM This Month

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-47171 MEDIUM PATCH This Month

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Agnai
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-47170 MEDIUM PATCH This Month

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Agnai
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-8771 MEDIUM PATCH This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Information Disclosure Email Subscribers Newsletters
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-9155 MEDIUM This Month

Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31899 MEDIUM This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Command Center
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-47145 MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8552 MEDIUM PATCH This Month

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Download Monitor
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy