Skip to main content
CVE-2024-43441 CRITICAL POC PATCH THREAT Act Now

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.0.0 before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Hugegraph
NVD
CVSS 3.1
9.8
EPSS
69.7%
CVE-2024-12096 MEDIUM POC This Month

The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Exhibit To Wp Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12881 HIGH This Week

The PlugVersions - Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-12594 HIGH This Week

The Custom Login Page Styler - Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login - Limit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12746 HIGH This Week

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Redshift Odbc Driver
NVD GitHub
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-12745 HIGH PATCH This Week

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Python Redshift Connector
NVD GitHub
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-12744 HIGH PATCH This Week

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-47515 HIGH This Week

A vulnerability was found in Pagure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-53156 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-12582 HIGH This Week

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-53162 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-53155 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-53150 HIGH KEV PATCH THREAT This Week

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2024-53147 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-41886 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-41884 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-41883 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-41882 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11726 MEDIUM This Month

The Appointment Booking Calendar Plugin and Scheduling Plugin - BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-10856 MEDIUM PATCH This Month

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Booking Calendar
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-12031 MEDIUM This Month

The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12266 MEDIUM This Month

The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8721 MEDIUM This Month

The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD WPScan
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-11896 MEDIUM This Month

The Text Prompter - Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12814 MEDIUM This Month

The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-12622 MEDIUM This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11885 MEDIUM This Month

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12518 MEDIUM This Month

The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12507 MEDIUM This Month

The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12468 MEDIUM PATCH This Month

The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Datepicker
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-12405 MEDIUM This Month

The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12100 MEDIUM This Month

The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12710 MEDIUM This Month

The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-53240 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-41885 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 5.6). No vendor patch available.

RCE
NVD
CVSS 4.0
5.6
EPSS
0.2%
CVE-2024-53163 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53161 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53158 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53157 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53154 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Apple Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53153 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53152 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53151 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data >. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53148 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53146 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53145 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53241 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-12268 MEDIUM PATCH This Month

The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Responsive Blocks
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10584 MEDIUM PATCH This Month

The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload Directorypress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12617 MEDIUM This Month

The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy