Skip to main content
CVE-2024-2817 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2816 MEDIUM POC This Month

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-29272 MEDIUM POC PATCH This Month

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Vvvebjs
NVD GitHub
CVSS 3.1
6.5
EPSS
9.4%
CVE-2024-2776 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2824 MEDIUM POC This Month

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical.c. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-25168 MEDIUM POC This Month

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Snow
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-29273 MEDIUM POC This Month

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29271 MEDIUM POC PATCH This Month

Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP XSS Vvvebjs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-25807 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Lychee
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2780 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2778 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28560 MEDIUM POC This Month

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26557 MEDIUM POC This Month

Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Codiad
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2779 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-29186 MEDIUM POC PATCH This Month

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Denial Of Service Bref
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-29042 MEDIUM POC PATCH This Month

Translate is a package that allows users to convert text to different languages on Node.js and the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Translate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-2777 MEDIUM POC This Month

A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-2823 MEDIUM POC This Month

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2822 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2821 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2820 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0638 MEDIUM This Month

Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-2500 MEDIUM This Month

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2392 MEDIUM PATCH This Month

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blocksy Companion
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0957 MEDIUM PATCH This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-2727 MEDIUM This Month

HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2726 MEDIUM This Month

Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2728 MEDIUM This Month

Information exposure vulnerability in the CIGESv2 system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29865 MEDIUM This Month

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28593 MEDIUM This Month

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Moodle
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-26247 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-2080 MEDIUM This Month

The LiquidPoll - Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-29057 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy