Skip to main content
CVE-2024-54155 MEDIUM This Month

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12123 MEDIUM This Month

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-20397 MEDIUM This Month

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2024-11479 MEDIUM This Month

A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-12151 MEDIUM This Month

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-45717 MEDIUM This Month

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-53136 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-11985 MEDIUM This Month

An improper input validation vulnerability leads to device crashes in certain ASUS router models. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-12148 MEDIUM This Month

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10787 MEDIUM PATCH This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Information Disclosure La Studio Element Kit For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10664 MEDIUM This Month

The Knowledge Base documentation & wiki plugin - BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-12099 MEDIUM This Month

The Dollie Hub - Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10663 MEDIUM This Month

The Eleblog - Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45204 MEDIUM This Month

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy