Skip to main content
CVE-2024-0601 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Austin
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0239 MEDIUM POC This Month

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form 7 Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0187 MEDIUM POC This Month

The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Peepso
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0232 MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Sqlite Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-22411 MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-22191 MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-0599 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jspxcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22491 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Beetl Bbs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0235 MEDIUM POC THREAT This Month

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventon
NVD WPScan
CVSS 3.1
5.3
EPSS
38.0%
CVE-2024-0569 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure T8 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-0570 MEDIUM This Month

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N350Rt Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-22407 MEDIUM PATCH This Month

Shopware is an open headless commerce platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22192 MEDIUM PATCH This Month

Ursa is a cryptographic library for use with blockchains. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ursa
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20985 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20977 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20975 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-20973 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20963 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20961 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-0556 MEDIUM This Month

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wic1200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20930 MEDIUM PATCH This Month

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-20950 MEDIUM PATCH This Month

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Customer Interaction History
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20948 MEDIUM PATCH This Month

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20942 MEDIUM PATCH This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20940 MEDIUM PATCH This Month

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oracle Knowledge Management
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20938 MEDIUM PATCH This Month

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20936 MEDIUM PATCH This Month

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle One To One Fulfillment
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20934 MEDIUM PATCH This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oracle Installed Base
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20928 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20908 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-0238 MEDIUM This Month

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Eventon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0233 MEDIUM This Month

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Eventon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20969 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-20967 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-20946 MEDIUM PATCH This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0581 MEDIUM This Month

An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Scdbg
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20987 MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20979 MEDIUM PATCH This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20944 MEDIUM PATCH This Month

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Oracle Isupport
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0554 MEDIUM This Month

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wic1200 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0579 MEDIUM This Month

A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection X2000r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.2%
CVE-2024-0237 MEDIUM This Month

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventon
NVD WPScan
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0236 MEDIUM This Month

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventon
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20904 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Business Intelligence
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-20983 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-20981 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-20971 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-20965 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2024-20906 MEDIUM PATCH This Month

Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Integrated Lights Out Manager Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-20959 MEDIUM PATCH This Month

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Zfs Storage Appliance Kit
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy