Skip to main content
CVE-2024-53930 MEDIUM This Month

WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11662 MEDIUM This Month

A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6538 MEDIUM This Month

A flaw was found in OpenShift Console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-11483 MEDIUM This Month

A vulnerability was found in the Ansible Automation Platform (AAP). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2024-53100 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-9666 MEDIUM PATCH This Month

A vulnerability was found in the Keycloak Server. Rated medium severity (CVSS 4.7). No vendor patch available.

Request Smuggling Denial Of Service
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-51723 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Athoc
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-50671 MEDIUM This Month

Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11672 MEDIUM This Month

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Microsoft Remote Desktop Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-10492 LOW PATCH Monitor

A vulnerability was found in Keycloak. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hashicorp
NVD GitHub VulDB
CVSS 3.0
2.7
EPSS
0.1%
CVE-2024-53262 LOW PATCH Monitor

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sveltekit
NVD GitHub
CVSS 4.0
2.0
EPSS
0.5%
CVE-2024-53261 LOW PATCH Monitor

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Sveltekit
NVD GitHub
CVSS 4.0
2.0
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy