Skip to main content
CVE-2024-2916 MEDIUM POC This Month

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1313 MEDIUM POC PATCH This Month

It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-29197 MEDIUM POC PATCH This Month

Pimcore is an Open Source Data & Experience Management Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-29644 MEDIUM POC This Month

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Dcat Admin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-29832 MEDIUM POC This Month

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1455 MEDIUM POC PATCH This Month

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XXE Denial Of Service Langchain
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2024-29833 MEDIUM POC This Month

The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29810 MEDIUM POC This Month

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29809 MEDIUM POC This Month

The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29808 MEDIUM POC This Month

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29883 MEDIUM POC PATCH This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Createwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-1745 MEDIUM POC This Month

The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Testimonial Slider And Showcase
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2911 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Publiccms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-30233 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wholesalex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-30234 MEDIUM This Month

Missing Authorization vulnerability in Wholesale Team WholesaleX.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wholesalex
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24799 MEDIUM This Month

Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass Box Office
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-2906 MEDIUM This Month

Missing Authorization vulnerability in SoftLab Radio Player.0.73. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-7251 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-2888 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Stored XSS.26.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post And Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30232 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.6.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22156 MEDIUM This Month

Missing Authorization vulnerability in SNP Digital SalesKing.6.15. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25138 MEDIUM This Month

In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22436 MEDIUM This Month

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-2303 MEDIUM This Month

The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2170 MEDIUM PATCH This Month

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-29881 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-29203 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-28126 MEDIUM This Month

Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26018 MEDIUM This Month

Cross-site scripting vulnerability exists in TvRock 0.9t8a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-25965 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-2889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.6.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-2971 MEDIUM This Month

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26649 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26648 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26647 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26646 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Buffer Overflow Intel Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26645 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26644 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25957 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25956 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32237 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.8.1.1; TheGem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2732 MEDIUM PATCH This Month

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Themify Shortcodes
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-28034 MEDIUM This Month

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27630 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.0.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24805 MEDIUM This Month

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-29735 MEDIUM PATCH This Month

Improper Preservation of Permissions vulnerability in Apache Airflow.8.2 through 2.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Docker Airflow
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2024-29199 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-26303 MEDIUM This Month

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-22356 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Integration Bus App Connect Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-30235 MEDIUM This Month

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multiple Page Generator
NVD
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy