Skip to main content
CVE-2024-38654 MEDIUM This Month

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2024-10778 MEDIUM This Month

The BuddyPress Builder for Elementor - BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure Buddybuilder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-52549 MEDIUM PATCH This Month

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Script Security
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-28169 MEDIUM This Month

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via. Rated medium severity (CVSS 4.3). No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
4.3
EPSS
0.1%
CVE-2024-48900 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11159 MEDIUM This Month

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10794 MEDIUM This Month

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-11143 MEDIUM PATCH This Month

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Kognetiks Chatbot
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-10593 MEDIUM This Month

The WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wpforms
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10531 MEDIUM PATCH This Month

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Kognetiks Chatbot
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-10530 MEDIUM PATCH This Month

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Kognetiks Chatbot
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10854 MEDIUM This Month

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Buy One Click Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10853 MEDIUM This Month

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Buy One Click Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10852 MEDIUM This Month

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy