Skip to main content
CVE-2024-24561 CRITICAL POC PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-24754 CRITICAL POC PATCH Act Now

Bref enable serverless PHP on AWS Lambda. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Bref
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24756 HIGH POC PATCH This Week

Crafatar serves Minecraft avatars based on the skin for use in external applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Docker Crafatar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-24753 MEDIUM POC PATCH This Month

Bref enable serverless PHP on AWS Lambda. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Bref
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24752 MEDIUM POC PATCH This Month

Bref enable serverless PHP on AWS Lambda. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Denial Of Service Bref
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-0831 MEDIUM POC PATCH This Month

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-23034 MEDIUM POC This Month

Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23033 MEDIUM POC This Month

Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23032 MEDIUM POC This Month

Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23031 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22927 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-24945 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Travel Journal Using Php And Mysql With Source Code
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24041 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Travel Journal Using Php And Mysql With Source Code
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1039 CRITICAL Act Now

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Web Master Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23832 CRITICAL PATCH Act Now

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-24062 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24061 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24060 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24059 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-21852 HIGH This Week

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Rapid Scada
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-24569 MEDIUM POC PATCH This Month

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Java Java Code Security Toolkit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-22859 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Livewire
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0325 HIGH This Week

In Helix Sync versions prior to 2024.1, a local command injection was identified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Helix Sync
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-22449 HIGH This Week

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1167 HIGH This Week

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Movitools Motionstudio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0935 HIGH This Week

Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Delmia Apriso
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-21750 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.5.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shortcodes Finder
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-51509 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-51540 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.10.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom 404 Pro
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22148 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Smart Editor
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-52188 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Footer Putter
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51520 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.7.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Booking Calendar
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52118 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51693 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Icons
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51689 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Easy Video Player allows Stored XSS.2.2.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Video Player
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51677 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51666 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.0.53. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Related Post
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51532 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Icegram Engage
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52195 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Posts To Page
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52194 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oembed Gist
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52193 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.5.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52192 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.0.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Official Opt In Forms
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52191 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram - Add charts, maps and infographics allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Infogram
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52189 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ideal Interactive Map
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52175 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links - Amazon Associates Affiliate Plugin allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Auto Amazon Links
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51514 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS.7.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cbx Bookmark Favorite
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51684 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads - Sell Digital Files (eCommerce Store & Payments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Digital Downloads
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51669 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Product Code For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51694 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epiphyt Embed Privacy allows Stored XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Embed Privacy
NVD
CVSS 3.1
6.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy