Skip to main content
CVE-2024-48806 MEDIUM This Month

Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-13312 MEDIUM This Month

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.8.0 before 12.3.10, from 12.4.0 before 12.4.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-13310 MEDIUM This Month

Vulnerability in Drupal Git Utilities for Drupal.*. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Git Utilities Drupal
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-13309 MEDIUM PATCH This Month

Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.0.0 before 2.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Login Disable Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13305 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).0.0 before 1.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Entity Form Steps Drupal
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13304 MEDIUM PATCH Monitor

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.0.0 before 3.0.3. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Minify Js Drupal
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-13303 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.0.0 before 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Download All Files Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13302 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.0.0 before 2.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pages Restriction Access Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13301 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client) allows Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oauth Openid Connect Single Sign On Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13300 MEDIUM This Month

Vulnerability in Drupal Print Anything.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Print Anything Drupal
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-13299 MEDIUM This Month

Vulnerability in Drupal Megamenu Framework.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Megamenu Framework Drupal
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-13298 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).0.0 before 2.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tarte Au Citron Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13297 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.X-* before 7.X-1.15. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Eloqua Drupal
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-13296 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.0.0 before 4.0.1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Mailjet Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-13295 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.X-* before 7.X-3.3. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Node Export Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-13294 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).0.0 before 1.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post File Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13292 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).0.0 before 1.1.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tooltip Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13290 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.0.0 before 2.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ohdear Integration Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13289 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).0.0 before 1.0.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookiebot Gtm Drupal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-13288 MEDIUM PATCH Monitor

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.0.0 before 9.3.4, from 9.4.0 before 9.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Monster Menus Drupal
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56114 MEDIUM POC This Week

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canlineapp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55494 MEDIUM This Month

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-54762 MEDIUM POC This Month

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-54761 MEDIUM POC This Month

BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Bigant Office Messenger 5
NVD GitHub Exploit-DB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-42898 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD GitHub
CVSS 3.1
5.4
EPSS
2.8%
CVE-2024-13287 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).0.0 before 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Views Svg Animation Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13286 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).0.0 before 2.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Embed Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13283 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).0.0 before 2.0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Facets Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13275 MEDIUM PATCH This Month

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.0.0 before 2.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Security Kit Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13274 MEDIUM PATCH This Month

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.0.0 before 12.3.8, from 12.4.0 before 12.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Social Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13273 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).0.0 before 12.3.8, from 12.4.0 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Social Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13272 MEDIUM PATCH This Month

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.0.0 before 1.23.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paragraphs Table Drupal
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13271 MEDIUM PATCH Monitor

Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.0.0 before 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Content Entity Clone Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13270 MEDIUM PATCH Monitor

Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.0.0 before 4.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Freelinking Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13269 MEDIUM PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.0.0 before 4.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Advanced Varnish Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13268 MEDIUM This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.X-1.0 before 7.X-1.23. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Opigno Drupal
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-13266 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.0.0 before 4.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Responsive And Off Canvas Menu Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13263 MEDIUM PATCH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.0.0 before 3.1.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Group Manager Drupal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13262 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).0.0 before 6.0.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS View Password Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13257 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.0.0 before 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Commerce View Receipt Drupal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13252 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).0.0 before 6.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tacjs Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13249 MEDIUM This Month

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.X-1.0 before 7.X-1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Node Access Rebuild Progressive Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13248 MEDIUM PATCH This Month

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.0.0 before 2.1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Private Content Drupal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13247 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).0.0 before 1.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Coffee Drupal
NVD HeroDevs
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-13246 MEDIUM PATCH This Month

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.0.0 before 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node Access Rebuild Progressive Drupal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13245 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).0.0 before 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ckeditor 4 Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13243 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.0.0 before 1.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Entity Delete Log Drupal
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13238 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).0.0 before 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typogrify Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13237 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).X-* before 7.X-2.38. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Entity Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-21596 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy