Skip to main content
CVE-2024-9356 MEDIUM This Month

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Yotpo
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-45610 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45609 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43418 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43417 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-52512 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect User Oidc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41678 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-48068 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-41785 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-10825 MEDIUM PATCH This Month

The Hide My WP Ghost - Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Hide My Wp Ghost
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39610 MEDIUM PATCH This Month

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fitnesse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-10793 MEDIUM This Month

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Activity Log
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-9609 MEDIUM PATCH This Month

The LearnPress Export Import - WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Learnpress Export Import
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24459 MEDIUM This Month

An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24458 MEDIUM This Month

An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24457 MEDIUM This Month

An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24455 MEDIUM This Month

An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24454 MEDIUM This Month

An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24453 MEDIUM This Month

An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-24452 MEDIUM This Month

An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-52517 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-43189 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-52509 MEDIUM PATCH This Month

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-8979 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Essential Addons For Elementor
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-8978 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Essential Addons For Elementor
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-51765 MEDIUM This Month

A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51764 MEDIUM This Month

A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-49536 MEDIUM This Month

Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Audition
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50983 MEDIUM This Month

FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flightpath
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45611 MEDIUM This Month

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50800 MEDIUM This Month

Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-52518 MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-8961 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Essential Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-24450 MEDIUM This Month

Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-24447 MEDIUM This Month

A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-52521 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-20373 MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xe Sd Wan
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11182 MEDIUM KEV THREAT This Month

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mdaemon
NVD
CVSS 4.0
5.3
EPSS
17.1%
CVE-2024-42499 MEDIUM PATCH This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-51330 MEDIUM This Month

An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Ultimaker Cura
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-11217 MEDIUM This Month

A vulnerability was found in the OAuth-server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Gitlab
NVD VulDB
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-23169 MEDIUM This Month

The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-3334 MEDIUM This Month

A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-52513 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-52507 MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-52516 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10582 MEDIUM PATCH This Month

The Music Player for Elementor - Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Music Player For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10897 MEDIUM PATCH This Month

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Tutor Lms Elementor Addons
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-52514 LOW PATCH Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2024-46383 LOW Monitor

Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy