Skip to main content
CVE-2024-45128 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-9520 MEDIUM This Month

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Userplus
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9074 MEDIUM This Month

The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Advanced Blocks Pro
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9457 MEDIUM This Month

The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9066 MEDIUM This Month

The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Marketing And Seo Booster
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9064 MEDIUM This Month

The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementor Inline Svg
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48941 MEDIUM This Month

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Secure Login
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9065 MEDIUM This Month

The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Helper Premium
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9596 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-45124 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-9802 MEDIUM This Month

The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zowe Api Mediation Layer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9798 MEDIUM This Month

The health endpoint is public so everybody can see a list of all services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zowe Api Mediation Layer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9792 MEDIUM This Month

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link XSS Dsl 2750U Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6157 MEDIUM This Month

An attacker who successfully exploited these vulnerabilities could cause the robot to stop. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-45119 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-45127 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-47354 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection.6. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-47648 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.0.4.5. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-9067 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Youzify
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45130 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45129 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45125 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45122 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45121 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-8477 MEDIUM PATCH This Month

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Newsletter Smtp Email Marketing And Subscribe
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-9685 MEDIUM PATCH This Month

The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Notification For Telegram
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy