Skip to main content
CVE-2023-51946 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Actinas Sl 2U 8 Rdx Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0726 MEDIUM POC This Month

A vulnerability was found in Project Worlds Student Project Allocation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Project Allocation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0721 MEDIUM POC This Month

A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0720 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Factoinvestigate
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22957 MEDIUM POC This Month

swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-22914 MEDIUM POC This Month

A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0722 MEDIUM POC This Month

A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Social Networking Site
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0717 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware Dir 841 Firmware Dir 1260 Firmware +41
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
18.2%
CVE-2024-0716 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-0718 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zhglxt
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-23332 MEDIUM PATCH This Month

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Notation Go
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-47160 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp Social Login And Register Social Counter
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-45083 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content -. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Profilepress
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-22421 MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0758 MEDIUM PATCH This Month

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Molecularfaces
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22420 MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23659 MEDIUM PATCH This Month

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Spip
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23686 MEDIUM PATCH This Month

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dependency Check
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23685 MEDIUM PATCH This Month

Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Mod Remote Storage
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22877 MEDIUM This Month

StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thehive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-22876 MEDIUM This Month

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thehive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23688 MEDIUM PATCH This Month

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discovery
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23680 MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure Aws Encryption Sdk
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21733 MEDIUM PATCH This Month

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2024-23387 MEDIUM This Month

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fusionpbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45845 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Smart Slider 3
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy