Skip to main content
CVE-2024-22532 MEDIUM POC This Month

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Microsoft Nconvert
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-0550 MEDIUM POC PATCH This Month

A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-1892 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scrapy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25868 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-27285 MEDIUM POC PATCH This Month

YARD is a Ruby Documentation tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yard Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-25202 MEDIUM POC This Month

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE User Registration Login And User Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-1972 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26559 MEDIUM POC This Month

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uverif
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-22723 MEDIUM POC This Month

Webtrees 2.1.18 is vulnerable to Directory Traversal. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webtrees
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-1932 MEDIUM POC This Month

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Freescout
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-25579 MEDIUM This Month

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-1566 MEDIUM This Month

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Redirects
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1860 MEDIUM PATCH This Month

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Anti Hacker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51681 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator - WordPress Migration & Backup Plugin.5.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-24779 MEDIUM PATCH This Month

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-24773 MEDIUM PATCH This Month

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-1632 MEDIUM This Month

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sitefinity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22459 MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27913 MEDIUM PATCH This Month

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1791 MEDIUM This Month

The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Codemirror Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1808 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1568 MEDIUM PATCH This Month

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Seraphinite Accelerator
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1954 MEDIUM PATCH This Month

The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Oliver Pos
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-25435 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Md1Patient
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27103 MEDIUM PATCH This Month

Querybook is a Big Data Querying UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Querybook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-47002 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-21749 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Click Disable All
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51683 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Paypal Stripe Buy Now Button
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52223 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite - WooCommerce integration.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Mailerlite
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-24705 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0680 MEDIUM This Month

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Private Content Plus
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-27948 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.7.24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atahualpa
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51533 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.12.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0682 MEDIUM This Month

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Pagerestrict
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-26450 MEDIUM This Month

An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS CSRF Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-26016 MEDIUM PATCH This Month

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2024-1636 MEDIUM This Month

Potential Cross-Site Scripting (XSS) in the page editing area. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitefinity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1136 MEDIUM PATCH This Month

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Coming Soon Page Maintenance Mode
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0975 MEDIUM PATCH This Month

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure WordPress Wordpress Access Control
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1476 MEDIUM This Month

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass Under Construction Maintenance Mode
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1516 MEDIUM PATCH This Month

The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Ecommerce
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1368 MEDIUM PATCH This Month

The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Page Duplicator
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1965 MEDIUM This Month

Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Maanager Streamhub
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21798 MEDIUM This Month

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 1167Gs2 B Firmware Wrc 1167Gs2H B Firmware Wrc 1167Gst2 Firmware Wrc 2533Gs2 B Firmware +6
NVD
CVSS 3.1
4.8
EPSS
1.3%
CVE-2023-6922 MEDIUM This Month

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Under Construction Maintenance Mode
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-0768 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0431 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1388 MEDIUM PATCH This Month

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Yuki
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0766 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52226 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Advanced Flamingo
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy