Skip to main content
CVE-2024-9422 MEDIUM POC This Month

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Geo My Wordpress Geo My Wordpress Premium Settings
NVD WPScan
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-11630 MEDIUM This Month

A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11618 MEDIUM This Month

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-50395 MEDIUM This Month

An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Media Streaming Add On
NVD
CVSS 4.0
6.9
EPSS
1.3%
CVE-2024-8360 MEDIUM This Month

Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8359 MEDIUM This Month

Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8358 MEDIUM This Month

Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8355 MEDIUM This Month

Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Infotainment Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-6247 MEDIUM This Month

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cam V3 Firmware
NVD
CVSS 3.0
6.8
EPSS
2.2%
CVE-2024-50657 MEDIUM This Month

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-51074 MEDIUM This Month

Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-51073 MEDIUM This Month

An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-7392 MEDIUM This Month

ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Flex Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-9665 MEDIUM This Month

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure CSRF Zimbra
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-9257 MEDIUM This Month

Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unified Secops Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-11612 MEDIUM This Month

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 7 Zip
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2024-51766 MEDIUM This Month

A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-39290 MEDIUM This Month

Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2024-11381 MEDIUM This Month

The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-11225 MEDIUM This Month

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-30372 MEDIUM This Month

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ssti Allegra
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2024-47863 MEDIUM This Month

An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.2
EPSS
0.6%
CVE-2024-8735 MEDIUM PATCH This Month

The MailMunch - Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailmunch
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41781 MEDIUM This Month

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-7391 MEDIUM This Month

ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Flex Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-7511 MEDIUM This Month

Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Sketchup
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-7236 MEDIUM This Month

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-7235 MEDIUM This Month

AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-7228 MEDIUM This Month

Avast Free Antivirus Link Following Denial-of-Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Free Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8849 MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8848 MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8846 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8845 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8844 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8843 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8841 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8839 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8836 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8835 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8834 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8832 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8829 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8828 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8824 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8823 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8822 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8821 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Tools +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8820 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8819 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8816 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Tools +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy