Skip to main content
CVE-2024-0365 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Fancy Product Designer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27930 MEDIUM POC PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-28547 MEDIUM POC This Month

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0973 MEDIUM POC This Month

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Widget For Social Page Feeds
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0711 MEDIUM POC This Month

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buttons Shortcode And Widget
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1331 MEDIUM POC This Month

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Team Members
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27757 MEDIUM POC This Month

flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25654 MEDIUM POC This Month

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Management Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0820 MEDIUM POC This Month

The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobs For Wordpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0719 MEDIUM POC This Month

The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tabs Shortcode And Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1658 MEDIUM POC This Month

The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Grid Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1333 MEDIUM POC This Month

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Pricing Table
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22412 MEDIUM POC PATCH This Month

ClickHouse is an open-source column-oriented database management system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-28237 MEDIUM POC PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Octoprint
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0951 MEDIUM POC This Month

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Social Feeds Widget Shortcode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-27937 MEDIUM POC PATCH THREAT This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
26.9%
CVE-2024-28550 MEDIUM POC This Month

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1604 MEDIUM This Month

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Control M
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-23333 MEDIUM This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Ldap Account Manager
NVD GitHub
CVSS 3.1
6.6
EPSS
17.9%
CVE-2024-25655 MEDIUM This Month

Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27096 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
58.8%
CVE-2024-27774 MEDIUM This Month

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Unilogic
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-29156 MEDIUM PATCH This Month

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Murano Yaql
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-27974 MEDIUM This Month

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-28855 MEDIUM PATCH This Month

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zitadel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-28250 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28249 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27914 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-2598 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2597 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2596 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2595 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2594 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2593 MEDIUM This Month

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Amss
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28128 MEDIUM PATCH This Month

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fitnesse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23604 MEDIUM This Month

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fitnesse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22475 MEDIUM This Month

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25656 MEDIUM This Month

Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-28039 MEDIUM This Month

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
5.8
EPSS
0.7%
CVE-2024-20764 MEDIUM This Month

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20763 MEDIUM This Month

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20762 MEDIUM This Month

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-20757 MEDIUM This Month

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Bridge
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-2496 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libvirt Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26641 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Google Linux Linux Kernel Debian Linux +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26640 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26637 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26636 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26635 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26634 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy