Skip to main content
CVE-2024-25428 MEDIUM POC This Month

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mrcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-25197 MEDIUM POC This Month

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25366 MEDIUM POC This Month

Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
6.2
EPSS
0.9%
CVE-2024-24763 MEDIUM POC This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Jumpserver
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-1551 MEDIUM POC This Month

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-25608 MEDIUM POC PATCH This Month

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-1661 MEDIUM POC This Month

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass X6000r Firmware
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25974 MEDIUM POC This Month

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openolat
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25973 MEDIUM POC This Month

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openolat
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25260 MEDIUM POC This Month

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elfutils
NVD GitHub
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-1559 MEDIUM PATCH This Month

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Link Library
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-1556 MEDIUM This Month

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1547 MEDIUM This Month

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-26265 MEDIUM PATCH This Month

The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25604 MEDIUM PATCH This Month

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21890 MEDIUM This Month

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Node Js
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-1510 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-26140 MEDIUM PATCH This Month

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Lrs Sql Lrs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1550 MEDIUM This Month

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-1549 MEDIUM This Month

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25609 MEDIUM PATCH This Month

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25610 MEDIUM PATCH This Month

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25149 MEDIUM PATCH This Month

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-25631 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-25630 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-26270 MEDIUM PATCH This Month

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-26268 MEDIUM PATCH This Month

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-26267 MEDIUM PATCH This Month

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-25605 MEDIUM PATCH This Month

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-1548 MEDIUM This Month

A website could have obscured the fullscreen notification by using a dropdown select input element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-25150 MEDIUM PATCH This Month

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy