Skip to main content
CVE-2024-24572 MEDIUM POC PATCH This Month

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Facilemanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24571 MEDIUM POC PATCH This Month

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facilemanager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1103 MEDIUM POC This Month

A vulnerability was found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Real Estate Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1099 MEDIUM POC This Month

A vulnerability was found in Rebuild up to 3.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22569 MEDIUM POC This Month

Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Poscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6780 MEDIUM POC This Month

An integer overflow was found in the __vsyslog_internal function of the glibc library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-24566 MEDIUM POC PATCH This Month

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lobe Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23502 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category - List Category Posts Or Recent Posts allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Posts List Designer By Category
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22158 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo - Social Network, Membership, Registration, User Profiles allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Peepso
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22150 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Powerfolio
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22146 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22302 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.6.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Albo Pretorio On Line
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22297 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.1.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Cbx Map
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp To Do
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22310 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formzu Wp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23505 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook - DearPDF allows Stored XSS.0.38. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dearpdf
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1111 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Qr Code Login System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0914 MEDIUM PATCH This Month

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Opencryptoki Enterprise Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-22153 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.5.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Stock Locations For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22161 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.8.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hd Quiz
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22306 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.7.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mang Board
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22295 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.2.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Robo Gallery
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22236 MEDIUM PATCH This Month

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Google Spring Cloud Contract
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22285 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Frontpage Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22304 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Freshmail For Wordpress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22143 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpspellcheck
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0589 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23637 MEDIUM PATCH This Month

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Octoprint
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-22291 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Browser Theme Color
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22136 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons - Widgets, Blocks, Templates Library For Elementor Builder.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Droit Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0836 MEDIUM PATCH This Month

The WordPress Review & Structure Data Schema Plugin - Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Review Schema
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy