Skip to main content
CVE-2024-51682 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Builder - WordPress Theme Builder for Elementor ht-builder allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51681 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs wp-pocket-urls allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51680 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51678 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51677 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38405 MEDIUM PATCH This Month

Transient DOS while processing the CU information from RNR IE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +94
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38403 MEDIUM PATCH This Month

Transient DOS while parsing BTM ML IE when per STA profile is not included. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +73
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33068 MEDIUM PATCH This Month

Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +119
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23385 MEDIUM PATCH This Month

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +87
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-20107 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-51685 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor accordion-title-for-elementor allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-10389 MEDIUM PATCH This Month

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity.

Path Traversal Safearchive
NVD GitHub
CVSS 4.0
5.9
EPSS
0.2%
CVE-2024-45086 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-51502 MEDIUM PATCH This Month

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-45185 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 1080 Firmware Exynos 1280 Firmware +16
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-34883 MEDIUM This Month

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitrix24
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-34887 MEDIUM This Month

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitrix24
NVD GitHub
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-34882 MEDIUM This Month

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitrix24
NVD GitHub
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-10523 MEDIUM This Month

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure Tapo H100 Firmware
NVD
CVSS 4.0
4.4
EPSS
0.1%
CVE-2024-20124 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20123 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20122 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20117 MEDIUM This Month

In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20112 MEDIUM This Month

In isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy