Skip to main content
CVE-2024-26492 MEDIUM POC This Month

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Diagnostic Lab Management System
NVD Exploit-DB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-2266 MEDIUM POC This Month

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Secret Coder Php Project
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24035 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS S I L
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1460 MEDIUM POC This Month

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Afterburner
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-1443 MEDIUM POC This Month

MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Afterburner
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-1725 MEDIUM PATCH This Month

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28230 MEDIUM This Month

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28229 MEDIUM This Month

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1366 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1377 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1761 MEDIUM PATCH This Month

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Chat App
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2136 MEDIUM PATCH This Month

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpkoi Templates For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1506 MEDIUM This Month

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Prime Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1419 MEDIUM PATCH This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress The Plus Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1534 MEDIUM This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Booster For Woocommerce
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2128 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1802 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2127 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Pagelayer
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2241 MEDIUM This Month

Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-2270 MEDIUM This Month

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2245 MEDIUM This Month

Cross-Site Scripting vulnerability in moziloCMS version 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Mozilocms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-24389 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xunruicms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-1500 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-28216 MEDIUM This Month

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF Ngrinder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28097 MEDIUM This Month

Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schoolbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-28096 MEDIUM This Month

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schoolbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-28095 MEDIUM This Month

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schoolbox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28228 MEDIUM This Month

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-1720 MEDIUM PATCH This Month

The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress User Registration Membership
NVD VulDB
CVSS 3.1
4.7
EPSS
2.0%
CVE-2024-27707 MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-26167 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-22256 MEDIUM PATCH This Month

VMware Cloud Director contains a partial information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Cloud Director
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy