Skip to main content
CVE-2024-12148 MEDIUM This Month

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-10787 MEDIUM PATCH This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Information Disclosure La Studio Element Kit For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10664 MEDIUM This Month

The Knowledge Base documentation & wiki plugin - BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-12099 MEDIUM This Month

The Dollie Hub - Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10663 MEDIUM This Month

The Eleblog - Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45204 MEDIUM This Month

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-38829 LOW PATCH Monitor

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-12056 LOW Monitor

The Client secret is not checked when using the OAuth Password grant type. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
2.3
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy