Skip to main content
CVE-2024-37844 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mango
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9585 MEDIUM This Month

The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Image Map Pro
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9584 MEDIUM This Month

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Image Map Pro
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10374 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47158 MEDIUM This Month

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE N Line
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10342 MEDIUM This Month

The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS League Of Legends Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10150 MEDIUM This Month

The Bamazoo - Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Button Generator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10148 MEDIUM This Month

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Awesome Buttons
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10380 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-45842 MEDIUM This Month

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal E Studio1058 Firmware E Studio1208 Firmware E Studio908 Firmware Bp 90C70 Firmware +316
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9686 MEDIUM This Month

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Order Notification For Telegram
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47030 MEDIUM This Month

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-10354 MEDIUM This Month

A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-48234 MEDIUM This Month

An issue was discovered in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48870 MEDIUM This Month

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Bp 30C25 Firmware Bp 30C25T Firmware Bp 30C25Y Firmware Bp 30C25Z Firmware Bp 30M28 Firmware +316
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37846 MEDIUM This Month

MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Mango
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-8036 MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-47028 MEDIUM This Month

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-9109 MEDIUM PATCH This Month

The WooCommerce UPS Shipping - Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Woocommerce Ups Shipping
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy