Skip to main content
CVE-2024-28102 MEDIUM POC PATCH This Month

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service Jwcrypto Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-22724 MEDIUM POC This Month

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Oscommerce
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-2774 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2770 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28863 MEDIUM POC PATCH This Month

node-tar is a Tar for Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Tar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-2768 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2767 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2766 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2713 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2712 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27936 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Deno Deno Runtime
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-27927 MEDIUM POC PATCH This Month

RSSHub is an open source RSS feed generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Rsshub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-25811 MEDIUM POC This Month

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dreamer Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24110 MEDIUM POC This Month

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2775 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2773 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29374 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28635 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Survey Creator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25167 MEDIUM POC This Month

Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eblog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-28756 MEDIUM POC This Month

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Mysolaredge
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-24818 MEDIUM POC PATCH This Month

EspoCRM is an Open Source Customer Relationship Management software. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. Public exploit code available.

Code Injection Espocrm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-29244 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 Mini1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27932 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Deno
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2024-1727 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Denial Of Service File Upload Gradio
NVD GitHub
CVSS 3.0
4.3
EPSS
0.4%
CVE-2024-27916 MEDIUM POC PATCH This Month

Minder is a software supply chain security platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Minder
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-25359 MEDIUM This Month

An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Lagom
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-49837 MEDIUM This Month

A vulnerability in David Artiss Code Embed simple-embed-code.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2580 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-27963 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.44. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crisp
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-27105 MEDIUM This Month

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1908 MEDIUM This Month

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1450 MEDIUM PATCH This Month

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shariff Wrapper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1326 MEDIUM This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Jeg Elementor Kit Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0966 MEDIUM PATCH This Month

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shariff Wrapper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1278 MEDIUM This Month

The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Easy Social Feed
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6500 MEDIUM PATCH This Month

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shariff Wrapper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2453 MEDIUM This Month

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2464 MEDIUM This Month

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.7.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cdex
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-2494 MEDIUM This Month

A flaw was found in the RPC library APIs of libvirt. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2024-29879 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29878 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29877 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Sentrifugo
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27926 MEDIUM PATCH This Month

RSSHub is an open source RSS feed generator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rsshub
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27626 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dotclear
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27291 MEDIUM PATCH This Month

Docassemble is an expert system for guided interviews and document assembly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Docassemble
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27290 MEDIUM PATCH This Month

Docassemble is an expert system for guided interviews and document assembly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docassemble
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2579 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.0.16. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-27965 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.0.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-2578 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Coder
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-27995 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Armember
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy