Skip to main content
CVE-2024-9021 MEDIUM POC This Month

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Relevanssi
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8925 MEDIUM POC This Month

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Request Smuggling Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-46410 MEDIUM POC This Month

PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8983 MEDIUM POC This Month

Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection Custom Twitter Feeds
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-47822 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-47563 MEDIUM This Month

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sinec Security Monitor
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-46887 MEDIUM This Month

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-43543 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

RCE Open Redirect Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-43536 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

RCE Open Redirect Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-43526 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43525 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43524 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43523 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-37983 MEDIUM PATCH This Month

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-37976 MEDIUM PATCH This Month

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-39831 MEDIUM This Month

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-43480 MEDIUM PATCH This Month

Azure Service Fabric for Linux Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Heap Overflow Buffer Overflow RCE Microsoft Azure Service Fabric
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2024-38129 MEDIUM PATCH This Month

Windows Kerberos Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Authentication Bypass Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
6.6
EPSS
1.2%
CVE-2024-21533 MEDIUM This Month

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-43609 MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2024-43561 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43559 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43558 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43557 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43555 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43542 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43540 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43538 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43537 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-43534 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-47161 MEDIUM This Month

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-37179 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Businessobjects Business Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-43513 MEDIUM PATCH This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-8482 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Royal Elementor Addons
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-8433 MEDIUM This Month

The Easy Mega Menu Plugin for WordPress - ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9292 MEDIUM This Month

The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-35215 MEDIUM This Month

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-9207 MEDIUM This Month

The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8629 MEDIUM This Month

The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43547 MEDIUM PATCH This Month

Windows Kerberos Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-43546 MEDIUM PATCH This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.6).

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +5
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2024-43614 MEDIUM PATCH This Month

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Path Traversal Microsoft Defender For Endpoint
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-43603 MEDIUM PATCH This Month

Visual Studio Collector Service Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Visual Studio Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-43585 MEDIUM PATCH This Month

Code Integrity Guard Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +6
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-43554 MEDIUM PATCH This Month

Windows Kernel-Mode Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-43508 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2 +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-43500 MEDIUM PATCH This Month

Windows Resilient File System (ReFS) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2 +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-34671 MEDIUM This Month

Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34670 MEDIUM This Month

Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sound Assistant
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34663 MEDIUM This Month

Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy