Skip to main content
CVE-2024-25634 MEDIUM POC This Month

alf.io is an open source ticket reservation system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-26318 MEDIUM PATCH This Month

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serenity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26328 MEDIUM This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-1346 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1345 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1343 MEDIUM This Month

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-26308 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.21 before 1.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Commons Compress
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-25710 MEDIUM PATCH This Month

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.3 through 1.25.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Commons Compress
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-25640 MEDIUM This Month

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS Iris
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-26129 MEDIUM PATCH This Month

PrestaShop is an open-source e-commerce platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25983 MEDIUM PATCH This Month

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25981 MEDIUM PATCH This Month

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25980 MEDIUM PATCH This Month

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-25979 MEDIUM PATCH This Month

The URL parameters accepted by forum search were not limited to the allowed parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-26327 MEDIUM PATCH This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy