Skip to main content
CVE-2024-27499 MEDIUM POC PATCH This Month

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Bagisto
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27569 MEDIUM POC This Month

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27568 MEDIUM POC This Month

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27567 MEDIUM POC This Month

LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0403 MEDIUM POC This Month

Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Recipes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27559 MEDIUM POC This Month

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-25438 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25436 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24512 MEDIUM POC This Month

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24511 MEDIUM POC This Month

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27744 MEDIUM POC This Month

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-27743 MEDIUM POC This Month

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-27734 MEDIUM POC This Month

A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27558 MEDIUM POC This Month

Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2070 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faq Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2045 MEDIUM POC This Month

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Session
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25434 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-2075 MEDIUM POC This Month

A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Habit Tracker
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2072 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Flashcard Quiz App
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2071 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Faq Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2069 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Faq Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-2064 MEDIUM POC This Month

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Selectcours
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-2074 MEDIUM This Month

A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-2068 MEDIUM This Month

A vulnerability was found in SourceCodester Computer Inventory System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Computer Inventory System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-2066 MEDIUM This Month

A vulnerability was found in SourceCodester Computer Inventory System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Computer Inventory System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2065 MEDIUM This Month

A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Barangay Population Monitoring System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2078 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Helpdeskz
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23492 MEDIUM This Month

A weak encoding is used to transmit credentials for WS203VICM. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-27950 MEDIUM This Month

Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-27949 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-27140 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2024-1120 MEDIUM PATCH This Month

The NextMove Lite - Thank You Page for WooCommerce and Finale Lite - Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Finale Nextmove
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-27296 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22458 MEDIUM PATCH This Month

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-2063 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26280 MEDIUM PATCH This Month

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Apache Airflow
NVD GitHub
CVSS 3.1
4.7
EPSS
1.9%
CVE-2024-0967 MEDIUM This Month

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy