Skip to main content
CVE-2024-49387 HIGH This Week

Cleartext transmission of sensitive information in acep-collector service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-45276 HIGH This Week

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45272 HIGH This Week

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Myrex24 V2 Virtual Server Rex 300 Firmware Rex 200 Firmware Rex 250 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-9983 HIGH This Week

Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Cloud Database
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-46898 HIGH PATCH This Week

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Shirasagi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-9820 HIGH This Week

The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp 2Fa With Telegram
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-9837 HIGH This Week

The The AADMY - Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-21285 HIGH This Week

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Banking Liquidity Management
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-21284 HIGH This Week

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Banking Liquidity Management
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-47779 HIGH This Week

Element is a Matrix web client built using the Matrix React SDK. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
7.0
EPSS
0.4%
CVE-2024-47771 HIGH This Week

Element Desktop is a Matrix client for desktop platforms. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
7.0
EPSS
0.6%
CVE-2024-47944 MEDIUM This Month

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-9676 MEDIUM This Month

A denial of service vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Information Disclosure Linux Docker Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-31493 MEDIUM This Month

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE PHP Zoneminder
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-21262 MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Authentication Bypass Oncommand Insight Mysql Connectors
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38204 MEDIUM PATCH This Month

Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Azure Functions
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-21230 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-21205 MEDIUM This Month

Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Fusion Middleware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-21196 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-21263 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21202 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Peoplesoft Enterprise People Tools
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-9944 MEDIUM PATCH This Month

The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woocommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-21535 MEDIUM PATCH This Month

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Markdown To Jsx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-9548 MEDIUM PATCH This Month

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Slimstat Analytics
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21273 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-47674 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21286 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21264 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9895 MEDIUM PATCH This Month

The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Smart Online Order For Clover
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9969 MEDIUM This Month

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webeip
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21281 MEDIUM This Month

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Request Smuggling Denial Of Service Oracle Banking Liquidity Management
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-21258 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Installed Base
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21248 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21238 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-9979 MEDIUM PATCH This Month

A flaw was found in PyO3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Python Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9546 MEDIUM This Month

The WPIDE - File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wpide
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-44337 MEDIUM PATCH This Month

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.1
EPSS
0.5%
CVE-2024-9977 MEDIUM This Month

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
22.1%
CVE-2024-31955 MEDIUM This Month

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Samsung
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-21261 MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-21241 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21239 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-21236 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-21219 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21218 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21207 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21204 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21203 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21201 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21200 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy