Skip to main content
CVE-2024-22497 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jfinalcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22417 MEDIUM POC PATCH This Month

Whoogle Search is a self-hosted metasearch engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Whoogle Search
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22496 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jfinalcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22490 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Beetl Bbs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23330 MEDIUM POC This Month

Tuta is an encrypted email service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Tutanota
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22204 MEDIUM POC PATCH This Month

Whoogle Search is a self-hosted metasearch engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Whoogle Search
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-0587 MEDIUM PATCH This Month

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Accelerated Mobile Pages
NVD VulDB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2024-23206 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0754 MEDIUM This Month

Some WASM source files could have caused a crash when loaded in devtools. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0753 MEDIUM This Month

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0752 MEDIUM This Month

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Mozilla Apple +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0747 MEDIUM This Month

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0746 MEDIUM This Month

A Linux user opening the print preview dialog could have caused the browser to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +3
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0741 MEDIUM This Month

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-23219 MEDIUM This Month

The issue was addressed with improved authentication. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-23223 MEDIUM This Month

A privacy issue was addressed with improved handling of files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-23341 MEDIUM PATCH This Month

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuitse Tsusin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23181 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23218 MEDIUM This Month

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-23224 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23207 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23215 MEDIUM This Month

An issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23848 MEDIUM This Month

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23851 MEDIUM This Month

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-23850 MEDIUM This Month

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-23849 MEDIUM This Month

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-23183 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-23345 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nautobot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0703 MEDIUM PATCH This Month

The Sticky Buttons - floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sticky Buttons
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0749 MEDIUM This Month

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-0748 MEDIUM This Month

A compromised content process could have updated the document URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0742 MEDIUM This Month

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy