Skip to main content
CVE-2024-25221 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25219 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25218 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25225 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Admin Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25224 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Admin Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25208 MEDIUM POC This Month

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Barangay Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25207 MEDIUM POC This Month

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Barangay Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-21782 MEDIUM This Month

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1482 MEDIUM This Month

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23952 MEDIUM This Month

This is a duplicate for CVE-2023-46104. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-23787 MEDIUM This Month

Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-23785 MEDIUM This Month

Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23784 MEDIUM This Month

Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24699 MEDIUM This Month

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Sdk Rooms Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-24696 MEDIUM This Month

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24695 MEDIUM This Month

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24690 MEDIUM This Month

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Vdi Windows Meeting Clients Video Software Development Kit +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0009 MEDIUM This Month

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto Pan Os
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0011 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0010 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25226 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Admin Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23976 MEDIUM This Month

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-24966 MEDIUM This Month

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23607 MEDIUM This Month

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-25125 MEDIUM PATCH This Month

Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Digdag
NVD GitHub
CVSS 3.1
5.3
EPSS
29.6%
CVE-2024-1471 MEDIUM This Month

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Security Center
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-25300 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0007 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-22455 MEDIUM This Month

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell E Lab Navigator
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-24698 MEDIUM This Month

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Meeting Software Development Kit Rooms Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-25619 MEDIUM PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy