Skip to main content
CVE-2024-50080 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50079 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work When the sqpoll is exiting and cancels pending work. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50078 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50077 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50075 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50072 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Intel Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50070 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50069 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apple Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50068 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() The sysfs_target->regions allocated in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50456 MEDIUM This Month

Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50459 MEDIUM This Month

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-50423 MEDIUM This Month

Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-9505 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10226 MEDIUM PATCH This Month

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Arconix Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10266 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Premium Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10233 MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sms Alert Order Notifications
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10000 MEDIUM This Month

The Masteriyo LMS - eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Masteriyo
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50454 MEDIUM This Month

Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-50422 MEDIUM This Month

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.1.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-50421 MEDIUM This Month

Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-48572 MEDIUM This Month

A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Aquilacms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-10468 MEDIUM This Month

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Race Condition Mozilla Firefox Thunderbird
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-10460 MEDIUM This Month

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-25566 MEDIUM This Month

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Management
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-48461 MEDIUM This Month

Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-49768 MEDIUM PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-50082 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-46872 MEDIUM PATCH This Month

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost CSRF Mattermost Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-45477 MEDIUM PATCH This Month

Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Nifi
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2024-50455 MEDIUM This Month

Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-50428 MEDIUM This Month

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.7.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-10360 MEDIUM PATCH This Month

The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Move Addons For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10437 MEDIUM This Month

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-50052 MEDIUM PATCH This Month

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10312 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Exclusive Addons For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10241 MEDIUM PATCH This Month

Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy