Skip to main content
CVE-2024-25385 MEDIUM POC This Month

An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Flvmeta
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-26152 MEDIUM POC PATCH This Month

XSS CSRF File Upload Label Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-26284 MEDIUM POC This Month

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple XSS Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26445 MEDIUM POC This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-25876 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25875 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26491 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26489 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26484 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Kirby
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25369 MEDIUM POC This Month

A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Fuel Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-26151 MEDIUM POC PATCH This Month

The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Python Mjml Python
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25874 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25873 MEDIUM POC This Month

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Enhavo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26490 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25828 MEDIUM POC This Month

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-1749 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bhojon
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-26481 MEDIUM POC PATCH This Month

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-26349 MEDIUM POC This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-52447 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-26586 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-25130 MEDIUM PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-26351 MEDIUM This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-25801 MEDIUM This Month

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S Museum
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26578 MEDIUM PATCH This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Apache Answer
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-0903 MEDIUM PATCH This Month

The User Feedback - Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Userfeedback
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-25129 MEDIUM This Month

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Codeql Cli
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26591 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26590 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26587 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_netdevsim(), which is only called if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26128 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-23349 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Answer
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-24817 MEDIUM PATCH This Month

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Calendar
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1525 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22547 MEDIUM This Month

WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ibr 7150 Firmware
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-26281 MEDIUM This Month

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-1053 MEDIUM PATCH This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Event Tickets
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0861 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy