Skip to main content
CVE-2024-10003 MEDIUM PATCH This Month

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Rover Idx
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-49211 MEDIUM This Month

Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-49210 MEDIUM This Month

Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8980 MEDIUM PATCH This Month

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-9231 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45335 MEDIUM This Month

Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Antivirus One
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-10189 MEDIUM PATCH This Month

The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Anchor Episodes Index
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9588 MEDIUM This Month

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Category And Taxonomy Meta Fields
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-48644 MEDIUM This Month

Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-45526 MEDIUM PATCH This Month

An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-50312 MEDIUM PATCH This Month

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Openshift Container Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-10183 MEDIUM This Month

A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2024-48415 MEDIUM This Month

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-9591 MEDIUM This Month

The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Category And Taxonomy Image
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9590 MEDIUM This Month

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Category And Taxonomy Meta Fields
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9589 MEDIUM This Month

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Category And Taxonomy Meta Fields
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-48927 MEDIUM PATCH This Month

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Umbraco Cms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-49209 MEDIUM This Month

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-49373 MEDIUM PATCH This Month

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Centurion Erp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-9541 MEDIUM PATCH This Month

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP News Kit Elementor Addons
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48929 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-43173 LOW Monitor

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-49208 LOW Monitor

Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-48926 LOW PATCH Monitor

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
3.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy