Skip to main content
CVE-2024-0593 MEDIUM POC PATCH This Month

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Simple Job Board
NVD
CVSS 3.1
5.3
EPSS
6.7%
CVE-2024-25381 MEDIUM POC This Month

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1707 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallbox Glb T2Ev7 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-25898 MEDIUM POC This Month

A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25895 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1700 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25896 MEDIUM POC This Month

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1703 MEDIUM POC This Month

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crmeb
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-25288 MEDIUM POC This Month

SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-22235 MEDIUM This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1108 MEDIUM PATCH This Month

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Denial Of Service Plugin Groups
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0407 MEDIUM This Month

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Futuresmart 4 Futuresmart 3 Futuresmart 5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1081 MEDIUM PATCH This Month

The 3D FlipBook - PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress 3d Flipbook
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-22220 MEDIUM This Month

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formbank Terminalfour
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-26148 MEDIUM PATCH This Month

Querybook is a user interface for querying big data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Querybook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1474 MEDIUM This Month

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ws Ftp Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26269 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-25147 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-26311 MEDIUM This Month

Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-26584 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25905 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.7.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multi Step Form
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-25151 MEDIUM PATCH This Month

The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26266 MEDIUM PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25603 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25602 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25601 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25152 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1562 MEDIUM PATCH This Month

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress Authentication Bypass Woocommerce Google Sheet Connector
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-26138 MEDIUM PATCH This Month

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Application Licensing
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-26133 MEDIUM PATCH This Month

EventStoreDB (ESDB) is an operational database built to store events. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Eventstoredb
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-1501 MEDIUM PATCH This Month

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Database Reset
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-26585 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-26583 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-24837 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.44.3; FG Drupal to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24802 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jtrt Responsive Tables
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24798 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Debug
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-25904 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tinymce And Tinymce Advanced Professsional Formats And Styles
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24876 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Menu Editor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24872 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24849 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quicksand Post Filter Jquery
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-26310 MEDIUM This Month

Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-26145 MEDIUM PATCH This Month

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy