Skip to main content
CVE-2024-22034 MEDIUM This Month

Attackers could put the special files in .osc into the actual package sources (e.g. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-49252 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka.31.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6380 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9444 MEDIUM PATCH This Month

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementsready
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9582 MEDIUM PATCH This Month

The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Accordion Slider
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8918 MEDIUM This Month

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS File Upload File Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9888 MEDIUM PATCH This Month

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementinvader Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9873 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles, Premium - Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45715 MEDIUM This Month

The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2024-4690 MEDIUM This Month

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.1.0 and below. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Application Automation Tools
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-22033 MEDIUM This Month

The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
5.1
EPSS
0.9%
CVE-2024-45071 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-47139 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Iq Centralized Management
NVD
CVSS 4.0
4.8
EPSS
0.5%
CVE-2024-9143 MEDIUM This Month

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-29155 MEDIUM This Month

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-9540 MEDIUM PATCH This Month

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Sina Extension For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-9891 MEDIUM This Month

The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-9649 MEDIUM PATCH This Month

The WP ULike - The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Ulike
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45714 MEDIUM This Month

Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Serv U
NVD
CVSS 3.1
4.1
EPSS
0.8%
CVE-2024-4692 LOW Monitor

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Rated low severity (CVSS 1.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Application Automation Tools
NVD
CVSS 4.0
1.8
EPSS
0.3%
CVE-2024-4211 LOW Monitor

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Rated low severity (CVSS 1.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Application Automation Tools
NVD
CVSS 4.0
1.8
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy