Skip to main content
CVE-2024-22894 MEDIUM POC This Month

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heat Pumps Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-24565 MEDIUM POC PATCH This Month

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cratedb
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2024-0564 MEDIUM POC This Month

A flaw was found in the Linux kernel's memory deduplication mechanism. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22643 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Seo Panel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-7225 MEDIUM POC PATCH This Month

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Mappress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-23840 MEDIUM POC PATCH This Month

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Goreleaser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-24567 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22648 MEDIUM POC This Month

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22647 MEDIUM POC This Month

An user enumeration vulnerability was found in SEO Panel 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22646 MEDIUM POC This Month

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23825 MEDIUM POC PATCH This Month

TablePress is a table plugin for Wordpress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF WordPress Tablepress
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-0675 MEDIUM This Month

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-21388 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2024-23834 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24558 MEDIUM PATCH This Month

TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS React Query Next Experimental
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24556 MEDIUM PATCH This Month

urql is a GraphQL client that exposes a set of helpers for several frameworks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Urql
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23841 MEDIUM PATCH This Month

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js XSS Apollo Client
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1031 MEDIUM This Month

A vulnerability was found in CodeAstro Expense Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Expense Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1029 MEDIUM This Month

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ereserv
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1028 MEDIUM This Month

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Facebook News Feed Like
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1026 MEDIUM This Month

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ereserv
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-1024 MEDIUM This Month

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Facebook News Feed Like
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-1030 MEDIUM This Month

A vulnerability was found in Cogites eReserv 7.7.58. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Ereserv
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22200 MEDIUM PATCH This Month

vantage6-UI is the User Interface for vantage6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Nginx Vantage6 Ui
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22193 MEDIUM PATCH This Month

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Vantage6
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy