Skip to main content
CVE-2024-44263 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44262 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visionos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44261 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44175 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-44174 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50307 MEDIUM This Month

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-50443 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Postx
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9825 MEDIUM This Month

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9629 MEDIUM This Month

The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-50582 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50581 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50580 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50578 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50577 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50576 MEDIUM This Month

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50573 MEDIUM This Month

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hub
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-44229 MEDIUM This Month

An information leakage was addressed with additional validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49771 MEDIUM PATCH This Month

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-10435 MEDIUM This Month

A vulnerability was found in didi Super-Jacoco 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2024-48936 MEDIUM This Month

SchedMD Slurm before 24.05.4 has Incorrect Authorization. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-51509 MEDIUM This Month

Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Tiki
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-51508 MEDIUM This Month

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tiki
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-51507 MEDIUM This Month

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tiki
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-51506 MEDIUM This Month

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tiki
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-47827 MEDIUM PATCH This Month

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated medium severity (CVSS 4.8).

Race Condition Kubernetes Denial Of Service Argo Workflows
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-50463 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.2.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-44274 MEDIUM This Month

The issue was addressed with improved authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Watchos
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-44137 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-44235 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-44260 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-44244 MEDIUM This Month

A memory corruption issue was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +5
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-30106 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10214 LOW PATCH Monitor

Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-44222 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-40853 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-40792 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27849 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-8013 LOW Monitor

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mongo Crypt V1 So Mongocryptd
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-49755 LOW PATCH Monitor

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-44265 LOW Monitor

The issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-44251 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2024-40851 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-44123 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
2.3
EPSS
0.0%
CVE-2024-23843 LOW Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.0: from V5.0.0 through V5.0.60; Genian NAC. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 3.1
2.2
EPSS
0.2%
CVE-2024-5532 LOW Monitor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Operations Agent
NVD
CVSS 4.0
1.8
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy