Skip to main content
CVE-2024-56775 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Amd Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56774 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56773 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56772 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56771 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW *. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-51442 HIGH This Week

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.7% and no vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
32.7%
CVE-2025-20168 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20167 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20166 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56770 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-55459 MEDIUM This Month

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keras Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13187 MEDIUM Monitor

A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple macOS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-22137 CRITICAL This Week

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22136 HIGH This Month

Tabby (formerly Terminus) is a highly configurable terminal emulator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-22130 MEDIUM PATCH This Month

Soft Serve is a self-hostable Git server for the command line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Soft Serve Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-20126 MEDIUM Monitor

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cisco Apple Thousandeyes Endpoint Agent macOS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-20123 MEDIUM Monitor

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-55656 HIGH This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Redis Integer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
13.1%
CVE-2024-55517 HIGH This Month

An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-51737 HIGH This Month

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
1.5%
CVE-2024-51480 HIGH This Month

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2025-21102 HIGH This Month

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-12337 MEDIUM This Month

The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-11830 MEDIUM This Month

The PDF Flipbook, 3D Flipbook-DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-11423 HIGH This Month

The Ultimate Gift Cards for WooCommerce - Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.7% and no vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
20.7%
CVE-2024-12854 HIGH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

RCE File Upload WordPress
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2024-12853 HIGH This Month

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

RCE File Upload WordPress Modula Image Gallery
NVD
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-12712 MEDIUM This Month

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-54676 CRITICAL PATCH This Week

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Openmeetings
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2024-45033 HIGH PATCH This Month

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.5.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Apache Airflow Providers Fab
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-13186 MEDIUM This Month

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-13185 MEDIUM This Month

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-12855 MEDIUM Monitor

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Adforest
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12328 MEDIUM This Month

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-11939 HIGH This Month

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-11350 CRITICAL This Week

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Adforest
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-13173 MEDIUM This Month

The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-12045 MEDIUM PATCH Monitor

The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google WordPress XSS Essential Blocks
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2025-22215 MEDIUM Monitor

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware SSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-8002 MEDIUM This Month

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-12852 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12851 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12584 MEDIUM PATCH Monitor

The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Xpro Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-10585 MEDIUM PATCH This Month

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP WordPress Path Traversal Infinitewp Client
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-10151 MEDIUM POC This Month

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Auto Iframe
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-54731 MEDIUM Monitor

cpdf through 2.8 allows stack consumption via a crafted PDF document. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-12205 MEDIUM PATCH This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12030 MEDIUM PATCH This Month

The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-11271 HIGH PATCH This Month

The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Webinarpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy