Skip to main content
CVE-2024-38387 MEDIUM This Month

Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-38383 MEDIUM PATCH This Month

Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4).

Privilege Escalation Intel Microsoft Quartus Prime
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-37025 MEDIUM This Month

Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-37024 MEDIUM This Month

Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-36488 MEDIUM This Month

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-36294 MEDIUM This Month

Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-36276 MEDIUM PATCH This Month

Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4).

Privilege Escalation Intel Computing Improvement Program
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-36253 MEDIUM This Month

Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft Server Debug And Provisioning Tool
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-36245 MEDIUM This Month

Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Oneapi Base Toolkit System Bring Up Toolkit Vtune Profiler
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-35245 MEDIUM This Month

Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-35201 MEDIUM This Month

Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft Server Debug And Provisioning Tool
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-34167 MEDIUM This Month

Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-34165 MEDIUM This Month

Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-34164 MEDIUM This Month

Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-34028 MEDIUM This Month

Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-34022 MEDIUM This Month

Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-32044 MEDIUM This Month

Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-31407 MEDIUM This Month

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-29083 MEDIUM This Month

Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Python Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-29077 MEDIUM This Month

Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-28952 MEDIUM This Month

Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft Integrated Performance Primitives Oneapi Base Toolkit
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-28950 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-28881 MEDIUM This Month

Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-26017 MEDIUM This Month

Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-25647 MEDIUM This Month

Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-23312 MEDIUM This Month

Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-42834 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-45594 MEDIUM PATCH This Month

Decidim is a participatory democracy framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9682 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Royal Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9668 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Royal Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9059 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Google Royal Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-33624 MEDIUM This Month

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-49379 MEDIUM This Month

Umbrel is a home server OS for self-hosting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
1.2%
CVE-2024-10802 MEDIUM This Month

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Hash Elements
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-10529 MEDIUM PATCH This Month

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Kognetiks Chatbot
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9578 MEDIUM This Month

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Hide Links
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-37027 MEDIUM This Month

Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Oneapi Base Toolkit System Bring Up Toolkit Vtune Profiler
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2024-36284 MEDIUM This Month

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-29085 MEDIUM This Month

Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-9476 MEDIUM This Month

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Grafana
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-43090 MEDIUM This Month

In multiple locations, there is a possible cross-user image read due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-11193 MEDIUM This Month

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. Rated medium severity (CVSS 4.9). No vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 4.0
4.9
EPSS
0.2%
CVE-2024-40410 MEDIUM This Month

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-27200 MEDIUM This Month

Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-25565 MEDIUM This Month

Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-23919 MEDIUM This Month

Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-52268 MEDIUM This Month

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-29211 MEDIUM This Month

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-9477 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Air4443 Firmware
NVD VulDB
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-33611 MEDIUM This Month

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft
NVD
CVSS 4.0
4.6
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy