Skip to main content
CVE-2024-48545 HIGH This Week

Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48542 HIGH This Week

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48541 HIGH This Week

Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-10327 HIGH This Week

A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-5608 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-45242 HIGH This Week

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
34.7%
CVE-2024-49691 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection.7.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-7763 HIGH This Week

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48142 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48141 HIGH This Week

A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48140 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48139 HIGH This Week

A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-10295 HIGH This Week

A flaw was found in Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Scale Api Management
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48454 HIGH This Week

An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-9692 MEDIUM This Month

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-10336 MEDIUM This Month

A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Clothes Recommendation System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-44141 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE macOS
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-49695 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-49693 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.2.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-49703 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-49702 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred Elementor mycred-for-elementor allows Stored XSS.2.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48442 MEDIUM This Month

Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8959 MEDIUM This Month

The WP Adminify - Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-10176 MEDIUM This Month

The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9943 MEDIUM PATCH This Month

The MultiVendorX - The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF PHP Multivendorx
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-48540 MEDIUM This Month

Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-46995 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45031 MEDIUM This Month

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syncope
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-10332 MEDIUM This Month

A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-9214 MEDIUM This Month

The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8717 MEDIUM This Month

The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer - DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9865 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9864 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9374 MEDIUM This Month

The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-49696 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows Stored XSS.2.21. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-38314 MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-44205 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44185 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49750 MEDIUM PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Python Information Disclosure Microsoft Snowflake Connector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47173 MEDIUM PATCH This Month

Aimeos is an e-commerce framework. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-40810 MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-46998 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46996 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46994 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10180 MEDIUM PATCH This Month

The Contact Form 7 - Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form 7 Repeatable Fields
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9650 MEDIUM PATCH This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Recipe Maker
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49683 MEDIUM This Month

Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-49760 MEDIUM PATCH This Month

OpenRefine is a free, open source tool for working with messy data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Openrefine
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-40595 MEDIUM This Month

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49682 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.5.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy