Skip to main content
CVE-2024-28849 MEDIUM POC PATCH This Month

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Follow Redirects
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-28323 MEDIUM POC This Month

The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28418 MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webedition Cms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28417 MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Webedition Cms
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-26475 MEDIUM POC This Month

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25649 MEDIUM This Month

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Secret Server
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-27986 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-28746 MEDIUM This Month

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-27265 MEDIUM PATCH This Month

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Integration Bus
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23823 MEDIUM PATCH This Month

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vantage6
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-25156 MEDIUM This Month

A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Goanywhere Managed File Transfer
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1884 MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
37.9%
CVE-2024-2256 MEDIUM PATCH This Month

The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Oik
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2249 MEDIUM PATCH This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress La Studio Element Kit For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1883 MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.1
EPSS
61.5%
CVE-2024-25650 MEDIUM This Month

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Distributed Engine Secret Server
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-1853 MEDIUM This Month

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0313 MEDIUM This Month

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0312 MEDIUM This Month

A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0311 MEDIUM This Month

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-24770 MEDIUM PATCH This Month

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vantage6
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24562 MEDIUM PATCH This Month

vantage6-UI is the official user interface for the vantage6 server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Docker Information Disclosure Nginx Vantage6 Ui
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22396 MEDIUM This Month

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow RCE Buffer Overflow Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-25651 MEDIUM This Month

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22398 MEDIUM This Month

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-1223 MEDIUM This Month

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26163 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.7
EPSS
2.1%
CVE-2024-25653 MEDIUM This Month

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy