Skip to main content
CVE-2024-42389 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42388 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42387 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-52921 MEDIUM This Month

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-52913 MEDIUM This Month

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38828 MEDIUM PATCH This Month

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-11023 MEDIUM PATCH This Month

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Firebase Javascript Sdk
NVD GitHub
CVSS 4.0
5.2
EPSS
0.1%
CVE-2024-11304 MEDIUM This Month

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS).1.22 and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-52390 MEDIUM This Month

Path Traversal: '.../...//' vulnerability in Greg Ross CYAN Backup cyan-backup allows Path Traversal.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-52584 MEDIUM PATCH This Month

Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Autolab
NVD GitHub
CVSS 4.0
4.9
EPSS
0.2%
CVE-2024-50849 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Worldserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-48901 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48898 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48897 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48896 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy