Skip to main content
CVE-2024-51720 MEDIUM This Month

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-47588 MEDIUM This Month

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. Rated medium severity (CVSS 4.7). No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-29075 MEDIUM This Month

Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-8882 MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Gs1900 8 Firmware Gs1900 8Hp Firmware +8
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-36509 MEDIUM This Month

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-33658 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE Aptio V
NVD
CVSS 4.0
4.4
EPSS
0.2%
CVE-2024-28731 MEDIUM This Month

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link CSRF Dwr 2000M Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11117 MEDIUM This Month

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11116 MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-33510 MEDIUM This Month

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-10971 MEDIUM This Month

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-10695 MEDIUM PATCH This Month

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Information Disclosure Futurio Extra
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-47593 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SAP
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-51749 LOW Monitor

Element is a Matrix web client built using the Matrix React SDK. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-47799 LOW Monitor

Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-47587 LOW Monitor

Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-9842 LOW Monitor

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-48838 LOW Monitor

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-10672 LOW PATCH Monitor

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Multiple Page Generator
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2024-35274 LOW Monitor

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2024-11126 LOW Monitor

A vulnerability was found in Digistar AG-30 Plus 2.6b. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-50560 LOW PATCH Monitor

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
2.3
EPSS
0.3%
Prev Page 7 of 7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy