Skip to main content
CVE-2024-12560 MEDIUM PATCH This Month

The Button Block - Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Button Block
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-10548 MEDIUM PATCH This Month

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Wp Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52897 MEDIUM This Month

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-52896 MEDIUM This Month

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-52794 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-47093 MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nagvis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-12798 MEDIUM PATCH This Month

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-11616 MEDIUM This Month

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. Rated medium severity (CVSS 5.6). No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.3%
CVE-2024-45819 MEDIUM PATCH This Month

PVH guests have their ACPI tables constructed by the toolstack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-49336 MEDIUM This Month

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-12121 MEDIUM This Month

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-51471 MEDIUM This Month

IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Buffer Overflow Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12793 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12789 MEDIUM This Month

A vulnerability was found in PbootCMS up to 3.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11768 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Download Manager
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12569 MEDIUM This Month

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2024-9102 MEDIUM This Month

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
5.0
EPSS
0.4%
CVE-2024-38864 MEDIUM This Month

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkmk
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-2201 MEDIUM This Month

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Intel Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
8.6%
CVE-2024-12331 MEDIUM This Month

The File Manager Pro - Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Filester
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-54009 MEDIUM This Month

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. Rated medium severity (CVSS 4.0). No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-52589 LOW Monitor

Discourse is an open source platform for community discussion. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-12801 LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Java
NVD
CVSS 4.0
2.4
EPSS
0.2%
CVE-2024-9101 LOW Monitor

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2024-54982 Awaiting Data

An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. No vendor patch available.

Authentication Bypass
NVD GitHub
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy