Skip to main content
CVE-2024-45382 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43697 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43696 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39806 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47951 MEDIUM This Month

In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2024-47950 MEDIUM This Month

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2024-47196 MEDIUM This Month

A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Modelsim Questa
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-47195 MEDIUM This Month

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Modelsim Questa
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-47194 MEDIUM This Month

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Modelsim Questa
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-8964 MEDIUM PATCH This Month

The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sirv
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47594 MEDIUM This Month

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-45278 MEDIUM This Month

SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Commerce Backoffice
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9622 MEDIUM This Month

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-9621 MEDIUM PATCH This Month

A vulnerability was found in Quarkus CXF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9620 MEDIUM This Month

A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-47565 MEDIUM This Month

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Security Monitor
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-45282 MEDIUM This Month

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure S 4 Hana
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-46886 MEDIUM This Month

The web server of affected devices does not properly validate input that is used for a user redirection. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-47095 MEDIUM This Month

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-43520 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
5.0
EPSS
0.9%
CVE-2024-36814 MEDIUM PATCH This Month

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-8488 MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45476 MEDIUM This Month

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-43612 MEDIUM PATCH This Month

Power BI Report Server Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Power Bi Report Server
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2024-47780 MEDIUM PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-33506 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-8431 MEDIUM This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-45277 MEDIUM PATCH This Month

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Node.js SAP Hana Client
NVD
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy