132 CVEs tracked today. 9 Critical, 28 High, 83 Medium, 2 Low.
-
CVE-2025-22141
CRITICAL
CVSS 9.4
WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Wegia
-
CVE-2025-22140
CRITICAL
CVSS 9.4
WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Wegia
-
CVE-2025-0282
CRITICAL
CVSS 9.0
Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.
RCE
Stack Overflow
Buffer Overflow
Ivanti
Connect Secure
-
CVE-2024-50603
CRITICAL
CVSS 10.0
Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution.
RCE
Command Injection
Controller
-
CVE-2024-11635
CRITICAL
CVSS 9.8
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 19.2% and no vendor patch available.
RCE
File Upload
Code Injection
WordPress
-
CVE-2024-11613
CRITICAL
CVSS 9.8
The WordPress File Upload plugin through version 4.24.15 contains critical vulnerabilities in wfu_file_downloader.php enabling remote code execution, arbitrary file read, and arbitrary file deletion. The lack of proper sanitization on the source parameter combined with user-defined directory paths allows unauthenticated attackers to fully compromise the server.
PHP
RCE
Code Injection
WordPress
File Upload
-
CVE-2025-22137
CRITICAL
CVSS 9.8
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2024-54676
CRITICAL
CVSS 9.8
Vendor: The Apache Software Foundation. Versions affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
Apache
Openmeetings
-
CVE-2024-11350
CRITICAL
CVSS 9.8
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Privilege Escalation
Adforest
-
CVE-2025-22136
HIGH
CVSS 8.6
Tabby (formerly Terminus) is a highly configurable terminal emulator. Rated high severity (CVSS 8.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
RCE
Code Injection
Apple
-
CVE-2025-21111
HIGH
CVSS 7.5
Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.
Dell
Information Disclosure
Vxrail D560 Firmware
Vxrail D560F Firmware
Vxrail E460 Firmware
-
CVE-2025-21102
HIGH
CVSS 7.5
Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.
Dell
Information Disclosure
Vxrail D560 Firmware
Vxrail D560F Firmware
Vxrail E460 Firmware
-
CVE-2025-0291
HIGH
CVSS 8.8
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 12.1% and no vendor patch available.
Google
Memory Corruption
RCE
Chrome
Suse
-
CVE-2025-0283
HIGH
CVSS 7.0
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a. Rated high severity (CVSS 7.0). EPSS exploitation probability 45.1% and no vendor patch available.
Stack Overflow
Buffer Overflow
Ivanti
Connect Secure
Neurons For Zero Trust Access
-
CVE-2024-56784
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Amd
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
-
CVE-2024-56775
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Information Disclosure
Amd
Linux
Linux Kernel
Redhat
-
CVE-2024-56772
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Information Disclosure
Memory Corruption
Use After Free
Linux
Linux Kernel
-
CVE-2024-56451
HIGH
CVSS 7.3
Integer overflow vulnerability during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56447
HIGH
CVSS 7.8
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Emui
Harmonyos
-
CVE-2024-56444
HIGH
CVSS 7.5
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
Harmonyos
-
CVE-2024-56439
HIGH
CVSS 7.5
Access control vulnerability in the identity authentication module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5). No vendor patch available.
Information Disclosure
Harmonyos
-
CVE-2024-55656
HIGH
CVSS 8.8
RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 13.1% and no vendor patch available.
Redis
Integer Overflow
Information Disclosure
-
CVE-2024-55517
HIGH
CVSS 8.8
An issue was discovered in the Intellect Core Search in Polaris FT Intellect Core Banking 9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
-
CVE-2024-54818
HIGH
CVSS 8.8
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Computer Laboratory Management System
-
CVE-2024-51737
HIGH
CVSS 7.0
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. Rated high severity (CVSS 7.0). No vendor patch available.
Heap Overflow
Redis
Buffer Overflow
RCE
-
CVE-2024-51480
HIGH
CVSS 7.0
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Rated high severity (CVSS 7.0). No vendor patch available.
Heap Overflow
Redis
Buffer Overflow
RCE
-
CVE-2024-51442
HIGH
CVSS 8.8
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 32.7% and no vendor patch available.
Command Injection
Suse
-
CVE-2024-45033
HIGH
CVSS 8.1
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.5.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Apache
Apache Airflow Providers Fab
-
CVE-2024-12854
HIGH
CVSS 8.8
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 15.1% and no vendor patch available.
RCE
File Upload
WordPress
-
CVE-2024-12853
HIGH
CVSS 8.8
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 12.4% and no vendor patch available.
RCE
File Upload
WordPress
Modula Image Gallery
-
CVE-2024-11939
HIGH
CVSS 7.5
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
SQLi
-
CVE-2024-11916
HIGH
CVSS 7.4
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
RCE
Authentication Bypass
WordPress
Wp Extended
-
CVE-2024-11816
HIGH
CVSS 8.8
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 14.1%.
RCE
Authentication Bypass
WordPress
Ultimate Wordpress Toolkit
-
CVE-2024-11423
HIGH
CVSS 7.5
The Ultimate Gift Cards for WooCommerce - Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 20.7% and no vendor patch available.
Authentication Bypass
WordPress
-
CVE-2024-11271
HIGH
CVSS 8.8
The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
WordPress
Webinarpress
-
CVE-2024-11270
HIGH
CVSS 8.8
The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
RCE
Authentication Bypass
WordPress
Webinarpress
-
CVE-2024-9939
HIGH
CVSS 7.5
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
PHP
File Upload
WordPress
Path Traversal
-
CVE-2025-22215
MEDIUM
CVSS 4.3
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware
SSRF
-
CVE-2025-22145
MEDIUM
CVSS 6.3
Carbon is an international PHP extension for DateTime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Lfi
PHP
-
CVE-2025-22143
MEDIUM
CVSS 6.4
WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Wegia
-
CVE-2025-22139
MEDIUM
CVSS 6.4
WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Wegia
-
CVE-2025-22130
MEDIUM
CVSS 5.3
Soft Serve is a self-hostable Git server for the command line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Path Traversal
Soft Serve
Suse
-
CVE-2025-21603
MEDIUM
CVSS 4.8
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-20168
MEDIUM
CVSS 5.4
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco
XSS
Crosswork Network Controller
Common Services Platform Collector
-
CVE-2025-20167
MEDIUM
CVSS 5.4
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco
XSS
Crosswork Network Controller
Common Services Platform Collector
-
CVE-2025-20166
MEDIUM
CVSS 5.4
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco
XSS
Crosswork Network Controller
Common Services Platform Collector
-
CVE-2025-20126
MEDIUM
CVSS 4.8
A vulnerability in certificate validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Cisco
Apple
Thousandeyes Endpoint Agent
macOS
-
CVE-2025-20123
MEDIUM
CVSS 4.8
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco
XSS
Crosswork Network Controller
-
CVE-2025-0194
MEDIUM
CVSS 6.5
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Gitlab
Information Disclosure
-
CVE-2024-56787
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56785
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56783
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56782
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-56780
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56779
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56778
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56777
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56776
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56774
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-56773
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-56771
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW *. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56770
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56456
MEDIUM
CVSS 6.8
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56455
MEDIUM
CVSS 5.5
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56454
MEDIUM
CVSS 5.5
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56453
MEDIUM
CVSS 6.8
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56452
MEDIUM
CVSS 5.5
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Harmonyos
-
CVE-2024-56450
MEDIUM
CVSS 6.3
Buffer overflow vulnerability in the component driver module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Emui
Harmonyos
-
CVE-2024-56449
MEDIUM
CVSS 6.6
Privilege escalation vulnerability in the Account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Emui
Harmonyos
-
CVE-2024-56448
MEDIUM
CVSS 6.7
Vulnerability of improper access control in the home screen widget module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
RCE
Code Injection
Emui
Harmonyos
-
CVE-2024-56446
MEDIUM
CVSS 4.0
Vulnerability of variables not being initialized in the notification module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Harmonyos
-
CVE-2024-56445
MEDIUM
CVSS 4.3
Instruction authentication bypass vulnerability in the Findnetwork module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Authentication Bypass
Harmonyos
-
CVE-2024-56443
MEDIUM
CVSS 6.2
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Harmonyos
-
CVE-2024-56442
MEDIUM
CVSS 5.5
Vulnerability of native APIs not being implemented in the NFC service module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Emui
Harmonyos
-
CVE-2024-56441
MEDIUM
CVSS 4.1
Race condition vulnerability in the Bastet module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.
Race Condition
Information Disclosure
Emui
Harmonyos
-
CVE-2024-56440
MEDIUM
CVSS 6.2
Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
Emui
Harmonyos
-
CVE-2024-56438
MEDIUM
CVSS 6.0
Vulnerability of improper memory address protection in the HUKS module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Emui
Harmonyos
-
CVE-2024-56437
MEDIUM
CVSS 5.7
Vulnerability of input parameters not being verified in the widget framework module. Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.7), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Harmonyos
-
CVE-2024-56436
MEDIUM
CVSS 5.5
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
XSS
Harmonyos
-
CVE-2024-56435
MEDIUM
CVSS 6.2
Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
XSS
Harmonyos
-
CVE-2024-56434
MEDIUM
CVSS 4.4
UAF vulnerability in the device node access module. Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.
Memory Corruption
Use After Free
Information Disclosure
Emui
Harmonyos
-
CVE-2024-55459
MEDIUM
CVSS 6.5
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Keras
Redhat
-
CVE-2024-54731
MEDIUM
CVSS 4.0
cpdf through 2.8 allows stack consumption via a crafted PDF document. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2024-54121
MEDIUM
CVSS 6.2
Startup control vulnerability in the ability module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Harmonyos
-
CVE-2024-54120
MEDIUM
CVSS 4.1
Race condition vulnerability in the distributed notification module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.1). No vendor patch available.
Race Condition
Information Disclosure
Harmonyos
-
CVE-2024-53526
MEDIUM
CVSS 6.4
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Composio
-
CVE-2024-52869
MEDIUM
CVSS 6.0
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
-
CVE-2024-47934
MEDIUM
CVSS 6.9
Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2024-47239
MEDIUM
CVSS 6.5
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell
Denial Of Service
Powerscale Onefs
-
CVE-2024-40679
MEDIUM
CVSS 5.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Microsoft
IBM
Information Disclosure
Db2
Windows
-
CVE-2024-13193
MEDIUM
CVSS 5.3
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Semcms
-
CVE-2024-13192
MEDIUM
CVSS 5.3
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
Java
XSS
Myblog
-
CVE-2024-13191
MEDIUM
CVSS 5.3
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
File Upload
Authentication Bypass
Java
Myblog
-
CVE-2024-13190
MEDIUM
CVSS 5.3
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2024-13189
MEDIUM
CVSS 6.9
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
Java
Information Disclosure
Myblog
-
CVE-2024-13188
MEDIUM
CVSS 4.8
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Escan Anti Virus
-
CVE-2024-13187
MEDIUM
CVSS 4.8
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Apple
macOS
-
CVE-2024-13186
MEDIUM
CVSS 6.3
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-13185
MEDIUM
CVSS 6.3
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-13173
MEDIUM
CVSS 6.3
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-12855
MEDIUM
CVSS 4.3
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
Adforest
-
CVE-2024-12852
MEDIUM
CVSS 6.4
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Happy Addons For Elementor
-
CVE-2024-12851
MEDIUM
CVSS 6.4
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Element Pack
-
CVE-2024-12713
MEDIUM
CVSS 5.3
The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
WordPress
Information Disclosure
Sureforms
-
CVE-2024-12712
MEDIUM
CVSS 5.3
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
-
CVE-2024-12585
MEDIUM
CVSS 6.1
The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Propertyhive
-
CVE-2024-12584
MEDIUM
CVSS 4.3
The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
WordPress
Information Disclosure
Xpro Addons For Elementor
-
CVE-2024-12521
MEDIUM
CVSS 6.4
The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12431
MEDIUM
CVSS 4.3
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Gitlab
-
CVE-2024-12337
MEDIUM
CVSS 6.1
The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'processed-ids' parameter in all versions up to, and including, 1.0.25 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12328
MEDIUM
CVSS 6.4
The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12205
MEDIUM
CVSS 6.4
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Themesflat Addons For Elementor
-
CVE-2024-12112
MEDIUM
CVSS 6.4
The Easy Form Builder - WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12045
MEDIUM
CVSS 4.4
The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Google
WordPress
XSS
Essential Blocks
-
CVE-2024-12030
MEDIUM
CVSS 6.5
The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity.
WordPress
SQLi
Wordpress Meta Data And Taxonomies Filter
-
CVE-2024-11830
MEDIUM
CVSS 6.4
The PDF Flipbook, 3D Flipbook-DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-10585
MEDIUM
CVSS 5.3
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity.
PHP
WordPress
Path Traversal
Infinitewp Client
-
CVE-2024-10151
MEDIUM
CVSS 5.4
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Auto Iframe
-
CVE-2024-8002
MEDIUM
CVSS 6.9
A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.
File Upload
XSS
-
CVE-2024-6350
MEDIUM
CVSS 6.5
A malformed 802.15.4 packet causes a buffer overflow to occur, leading to an assert and a denial of service. Rated medium severity (CVSS 6.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Buffer Overflow
Denial Of Service
-
CVE-2024-56786
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-56781
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-55356
None
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2024-55355
None
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2024-54010
LOW
CVSS 3.4
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. Rated low severity (CVSS 3.4), this vulnerability requires no authentication. No vendor patch available.
Aruba
Authentication Bypass
Information Disclosure
-
CVE-2024-53995
LOW
CVSS 1.9
SickChill is an automatic video library manager for TV shows. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Open Redirect
-
CVE-2024-45345
None
Rejected reason: reserved but not needed. No vendor patch available.
Information Disclosure
-
CVE-2024-45344
None
Rejected reason: reserved but not needed. No vendor patch available.
Information Disclosure
-
CVE-2024-45343
None
Rejected reason: reserved but not needed. No vendor patch available.
Information Disclosure
-
CVE-2024-45342
None
Rejected reason: reserved but not needed. No vendor patch available.
Information Disclosure
-
CVE-2024-9673
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2024-5610
None
Rejected reason: loading template... No vendor patch available.
Information Disclosure