Skip to main content
CVE-2024-24131 MEDIUM POC This Month

SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24130 MEDIUM POC This Month

Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2World Webmail
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1269 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Product Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-1266 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS University Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1265 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS University Management System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1066 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25143 MEDIUM PATCH This Month

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-23447 MEDIUM This Month

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Network Drive Connector
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23446 MEDIUM This Month

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0971 MEDIUM This Month

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-0256 MEDIUM PATCH This Month

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Starbox
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1037 MEDIUM PATCH This Month

The All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress All In One Security
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24816 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-24815 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-1267 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Restaurant Pos System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24771 MEDIUM This Month

Open Forms allows users create and publish smart forms. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Open Forms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-24488 MEDIUM This Month

An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Tenda Cp3 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23769 MEDIUM This Month

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Microsoft Magician
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1055 MEDIUM PATCH This Month

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Powerpack Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-24706 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.7.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Cfm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1079 MEDIUM PATCH This Month

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz Maker
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25145 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-24812 MEDIUM This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Python Frappe
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1109 MEDIUM PATCH This Month

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Podlove Podcast Publisher
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1110 MEDIUM PATCH This Month

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Podlove Podcast Publisher
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-23806 MEDIUM This Month

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Omnikey Secure Elements Reader Configuration Cards Firmware Iclass Se Reader Configuration Cards Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0849 MEDIUM This Month

Leanote version 2.7.0 allows obtaining arbitrary local files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Desktop
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-0955 MEDIUM This Month

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-0977 MEDIUM PATCH This Month

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Timeline Widget For Elementor Elementor
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-24823 MEDIUM PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

XSS Session Fixation Graylog
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-1078 MEDIUM PATCH This Month

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz Maker
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22021 MEDIUM This Month

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Availability Orchestrator Disaster Recovery Orchestrator Recovery Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy