Skip to main content
CVE-2024-11683 MEDIUM This Month

The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-54492 MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-54494 MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-12289 MEDIUM PATCH This Month

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Boundary
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-28145 MEDIUM This Month

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-54102 MEDIUM This Month

Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-54526 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-44243 MEDIUM This Month

A configuration issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54471 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54527 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54501 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54500 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54513 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54476 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54474 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44300 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54477 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44201 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-28144 MEDIUM This Month

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Session Fixation Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54101 MEDIUM This Month

Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54096 MEDIUM This Month

Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54531 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54524 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Memory Corruption macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54504 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54495 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-54490 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54484 MEDIUM This Month

The issue was resolved by sanitizing logging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44220 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-49065 MEDIUM This Month

Microsoft Office Remote Code Execution Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Microsoft 365 Apps +4
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2024-8179 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10784 MEDIUM PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Unlimited Elements For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10583 MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44212 MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-54466 MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-44246 MEDIUM This Month

The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-12265 MEDIUM This Month

The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12536 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Microsoft Advocate Office Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-54510 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-54122 MEDIUM This Month

Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-47947 MEDIUM This Month

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-36498 MEDIUM This Month

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-36494 MEDIUM This Month

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-28142 MEDIUM This Month

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-41146 MEDIUM This Month

Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-49087 MEDIUM This Month

Windows Mobile Broadband Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
4.6
EPSS
0.9%
CVE-2024-12401 MEDIUM PATCH This Month

A flaw was found in the cert-manager package. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.6%
CVE-2024-50584 MEDIUM This Month

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-12271 MEDIUM This Month

The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-11727 MEDIUM This Month

The NotificationX - Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-12526 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Arena Im
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy