Skip to main content
CVE-2024-47026 MEDIUM This Month

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47025 MEDIUM This Month

In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47019 MEDIUM This Month

In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47018 MEDIUM This Month

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47015 MEDIUM This Month

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44099 MEDIUM This Month

There is a possible Local bypass of user interaction due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9630 MEDIUM This Month

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wps Telegram Chat
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37844 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mango
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9585 MEDIUM This Month

The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Image Map Pro
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9584 MEDIUM This Month

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Image Map Pro
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10374 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Members
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47158 MEDIUM This Month

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE N Line
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10342 MEDIUM This Month

The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS League Of Legends Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10150 MEDIUM This Month

The Bamazoo - Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Button Generator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10148 MEDIUM This Month

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Awesome Buttons
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10380 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-45842 MEDIUM This Month

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal E Studio1058 Firmware E Studio1208 Firmware E Studio908 Firmware Bp 90C70 Firmware +316
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9686 MEDIUM This Month

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Order Notification For Telegram
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47030 MEDIUM This Month

Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-10354 MEDIUM This Month

A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-48234 MEDIUM This Month

An issue was discovered in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48870 MEDIUM This Month

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Bp 30C25 Firmware Bp 30C25T Firmware Bp 30C25Y Firmware Bp 30C25Z Firmware Bp 30M28 Firmware +316
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37846 MEDIUM This Month

MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Mango
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-8036 MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-47028 MEDIUM This Month

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-9109 MEDIUM PATCH This Month

The WooCommerce UPS Shipping - Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Woocommerce Ups Shipping
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy