Skip to main content
CVE-2024-27931 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Deno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27564 MEDIUM POC THREAT This Month

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt
NVD GitHub
CVSS 3.1
6.5
EPSS
40.6%
CVE-2024-26334 MEDIUM POC This Month

swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Swftools
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-27623 MEDIUM POC This Month

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Cms Made Simple
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-26335 MEDIUM POC This Month

swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-26333 MEDIUM POC This Month

swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27563 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27625 MEDIUM POC This Month

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26337 MEDIUM POC This Month

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-22253 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Cloud Foundation +3
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-22252 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Workstation +2
NVD
CVSS 3.1
6.7
EPSS
3.5%
CVE-2024-20832 MEDIUM This Month

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20831 MEDIUM This Month

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1381 MEDIUM PATCH This Month

The Page Builder Sandwich - Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Page Builder Sandwich
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1285 MEDIUM This Month

The Page Builder Sandwich - Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Page Builder Sandwich
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21815 MEDIUM This Month

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-0698 MEDIUM This Month

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, and including, 1.3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Easy Appointments
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-20833 MEDIUM This Month

Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1782 MEDIUM This Month

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Blue Triad Ezanalytics
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-22383 MEDIUM This Month

Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-27627 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP XSS RCE
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2188 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link XSS Archer Ax50 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-1900 MEDIUM This Month

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Devolutions Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20841 MEDIUM This Month

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20836 MEDIUM This Month

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1095 MEDIUM This Month

The Build & Control Block Patterns - Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Build Control Block Pattern
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-1088 MEDIUM This Month

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure WordPress Password Protected Store For Woocommerce
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21838 MEDIUM This Month

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Centre
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1093 MEDIUM This Month

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Change Memory Limit
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1769 MEDIUM This Month

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 14 via the meta description data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Jm Twitter Cards
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1478 MEDIUM This Month

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure WordPress Maintenance Mode
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1178 MEDIUM PATCH This Month

The SportsPress - Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Sportspress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-25615 MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20837 MEDIUM This Month

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-20830 MEDIUM This Month

Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-20829 MEDIUM This Month

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-2179 MEDIUM PATCH This Month

Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-20839 MEDIUM This Month

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Voice Recorder
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-1901 MEDIUM This Month

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Devolutions Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1898 MEDIUM This Month

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy