Skip to main content
CVE-2024-0782 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Railway Reservation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0781 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Internet Banking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21484 MEDIUM POC PATCH This Month

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jsrsasign
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.0%
CVE-2024-0430 MEDIUM POC This Month

IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Malware Fighter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0774 MEDIUM POC This Month

A vulnerability was found in Any-Capture Any Sound Recorder 2.93. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Any Sound Recorder
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0772 MEDIUM POC This Month

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sharealarmpro
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-0776 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-0773 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-23340 MEDIUM POC PATCH This Month

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal Node Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-23339 MEDIUM PATCH This Month

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Hoolock
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-23675 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0606 MEDIUM This Month

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-22113 MEDIUM This Month

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cgi An Anlyzer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23677 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy