Skip to main content
CVE-2024-53722 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in rockemmusic Favicon My Blog favicon-my-blog allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53720 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ole1986 WP-ISPConfig 3 wp-ispconfig3 allows Stored XSS.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53719 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax - Ajax Navigation zajax-ajax-navigation allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53718 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53717 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53716 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS.9.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53715 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53714 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53712 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53711 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53710 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS.8.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-52477 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53108 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-39343 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Denial Of Service Exynos 2100 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +6
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-33040 HIGH PATCH This Week

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6800 Firmware Fastconnect 6900 Firmware +27
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-33053 MEDIUM PATCH This Month

Memory corruption when multiple threads try to unregister the CVP buffer at the same time. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption C V2x 9150 Firmware Fastconnect 6200 Firmware +53
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33039 MEDIUM PATCH This Month

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Qam8255p Firmware Qam8650p Firmware Qam8775p Firmware Qamsrv1h Firmware +18
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33036 MEDIUM PATCH This Month

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20135 MEDIUM This Month

In soundtrigger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20134 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20133 MEDIUM This Month

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Nr16
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20132 MEDIUM This Month

In Modem, there is a possible out of bonds write due to a mission bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Nr16
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20131 MEDIUM This Month

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Nr16 Nr17
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20130 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20125 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-53741 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup simple-popup-plugin allows DOM-Based XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53709 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows DOM-Based XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52503 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Media Tailored Tools tailored-tools allows Stored XSS.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52502 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImbaSynergy ImbaChat imbachat-widget allows DOM-Based XSS.1.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52487 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52486 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SolverWp Elementor Portfolio Builder portfolio-builder-elementor allows DOM-Based XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53721 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager advanced-event-manager allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52478 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49581 MEDIUM This Month

Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-53259 MEDIUM PATCH This Month

quic-go is an implementation of the QUIC protocol in Go. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-20139 MEDIUM This Month

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-20136 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rdk B Android Openwrt
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-33037 MEDIUM PATCH This Month

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +47
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-51900 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Hunt What Would Seth Godin Do what-would-seth-godin-do allows Stored XSS.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-52494 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Berneman Dynamic "To Top" dynamic-to-top allows Stored XSS.5.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-52493 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides meteor-slides allows Stored XSS.5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-52492 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Image horizontal reel scroll slideshow image-horizontal-reel-scroll-slideshow allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-52491 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanil Shakya Sticky Social Icons sticky-social-icons allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-52489 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.1.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-53123 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53122 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53121 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53120 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53119 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53118 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy