Skip to main content
CVE-2024-52389 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52426 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52425 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladislav Urchenko Drozd - Addons for Elementor drozd-addons-for-elementor allows Stored XSS.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52423 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Stored XSS.6.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52422 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52419 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clipboard Agency Copy Anything to Clipboard copy-the-code allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-50848 MEDIUM This Month

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Worldserver
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2024-48293 MEDIUM This Month

Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52317 MEDIUM PATCH This Month

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2024-41972 MEDIUM This Month

A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-52926 MEDIUM This Month

Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-52922 MEDIUM This Month

In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52919 MEDIUM This Month

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52918 MEDIUM This Month

Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-52917 MEDIUM This Month

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10390 MEDIUM This Month

The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-52304 MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Python Request Smuggling Aiohttp
NVD GitHub
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-52318 MEDIUM PATCH This Month

Incorrect object recycling and reuse vulnerability in Apache Tomcat.0.0, 10.1.31, 9.0.96. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-41970 MEDIUM This Month

A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-48294 MEDIUM This Month

A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-11308 MEDIUM This Month

The DVC from TRCore encrypts files using a hardcoded key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dvc
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-33231 MEDIUM This Month

Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41968 MEDIUM This Month

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52947 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52944 MEDIUM This Month

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS Enterprise Vault
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52943 MEDIUM This Month

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS Enterprise Vault
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-52942 MEDIUM This Month

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS Enterprise Vault
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52941 MEDIUM This Month

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43416 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-42391 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42390 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42389 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42388 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42387 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Mongoose
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-52921 MEDIUM This Month

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-52913 MEDIUM This Month

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38828 MEDIUM PATCH This Month

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-11023 MEDIUM PATCH This Month

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Firebase Javascript Sdk
NVD GitHub
CVSS 4.0
5.2
EPSS
0.1%
CVE-2024-11304 MEDIUM This Month

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS).1.22 and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-52390 MEDIUM This Month

Path Traversal: '.../...//' vulnerability in Greg Ross CYAN Backup cyan-backup allows Path Traversal.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-52584 MEDIUM PATCH This Month

Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Autolab
NVD GitHub
CVSS 4.0
4.9
EPSS
0.2%
CVE-2024-50849 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Worldserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-48901 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48898 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48897 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-48896 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-47820 LOW PATCH Monitor

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Path Traversal Markus
NVD GitHub
CVSS 3.1
3.5
EPSS
0.7%
CVE-2024-52587 LOW Monitor

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
2.7
EPSS
2.7%
CVE-2024-52585 LOW PATCH Monitor

Autolab is a course management service that enables auto-graded programming assignments. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Autolab
NVD GitHub
CVSS 4.0
1.2
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy