Skip to main content
CVE-2024-9174 MEDIUM This Month

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hubshare
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47616 MEDIUM PATCH This Month

Pomerium is an identity and context-aware access proxy. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-20524 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20523 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20522 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20517 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-20516 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-20492 MEDIUM This Month

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Video Communication Server
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20515 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20441 MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8037 MEDIUM PATCH This Month

Vulnerable juju hook tool abstract UNIX domain socket. Rated medium severity (CVSS 6.5). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Juju
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-35294 MEDIUM This Month

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-47611 MEDIUM This Month

XZ Utils provide a general-purpose data-compression library plus command-line tools. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-8254 MEDIUM PATCH This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Email Subscribers Newsletters
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-9378 MEDIUM PATCH This Month

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Yml For Yandex Market
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9344 MEDIUM PATCH This Month

The BerqWP - Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Berqwp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9218 MEDIUM PATCH This Month

The Magazine Blocks - Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Magazine Blocks
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9225 MEDIUM PATCH This Month

The SEOPress - On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seopress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9222 MEDIUM PATCH This Month

The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Membership Content Restriction Paid Member Subscriptions
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9210 MEDIUM This Month

The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Mailchimp Top Bar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8800 MEDIUM PATCH This Month

The RabbitLoader - Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rabbitloader
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20509 MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Meraki Mx65 Firmware Meraki Mx64 Firmware +23
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-20385 MEDIUM This Month

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Orchestrator
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-20444 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Denial Of Service Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-8038 MEDIUM PATCH This Month

Vulnerable juju introspection abstract UNIX domain socket. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Juju
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20477 MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20442 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20438 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8505 MEDIUM PATCH This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Ajax Load More
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8282 MEDIUM PATCH This Month

The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ibtana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9172 MEDIUM PATCH This Month

The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Demo Importer Plus
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8967 MEDIUM PATCH This Month

The PWA - easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Pwa
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46977 MEDIUM PATCH This Month

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cosmos
NVD GitHub
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-20513 MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9423 MEDIUM This Month

Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 9Yf88A Firmware 9Yf89A Firmware 9Yf90A Firmware +99
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-9333 MEDIUM This Month

Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-43795 MEDIUM PATCH This Month

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cosmos
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-21530 MEDIUM PATCH This Month

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-47804 MEDIUM PATCH This Month

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Memory Corruption
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-47803 MEDIUM PATCH This Month

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-47612 LOW Monitor

DataDump is a MediaWiki extension that provides dumps of wikis. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy