Skip to main content
CVE-2024-57946 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Samsung Apple Linux Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57944 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57943 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Memory Corruption Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-57942 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57941 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57939 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0615 MEDIUM This Month

Input validation vulnerability in Qualifio's Wheel of Fortune. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0614 MEDIUM This Month

Input validation vulnerability in Qualifio's Wheel of Fortune. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-57938 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-57936 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57935 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57934 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-57933 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57932 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57931 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57930 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0450 MEDIUM This Month

The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-52973 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43709 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-37284 MEDIUM This Month

Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Elastic Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13444 MEDIUM This Month

The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-13230 MEDIUM PATCH This Month

The Social Share, Social Login and Social Comments Plugin - Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Super Socializer
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11226 MEDIUM This Month

The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-23184 MEDIUM PATCH This Month

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Denial Of Service Cxf Red Hat
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-6466 MEDIUM This Month

NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13404 MEDIUM PATCH This Month

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Link Library
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-12005 MEDIUM PATCH This Month

The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Wp Bibtex
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-0371 MEDIUM This Month

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetelements PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10936 HIGH PATCH This Month

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.5%.

Deserialization WordPress Information Disclosure PHP String Locator
NVD
CVSS 3.1
8.8
EPSS
16.5%
CVE-2025-23086 MEDIUM This Month

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-13536 MEDIUM This Month

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-45091 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
6.2
EPSS
0.0%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy