Skip to main content
CVE-2024-3135 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Localai
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2024-3131 MEDIUM POC This Month

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3129 MEDIUM POC This Month

A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Image Accordion Gallery App
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-30863 MEDIUM POC This Month

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi PHP Ns Asg Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-30864 MEDIUM POC This Month

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ns Asg Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-2278 MEDIUM POC This Month

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Product Filter
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3140 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD VulDB GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3139 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30866 MEDIUM POC This Month

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ns Asg Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-30861 MEDIUM POC This Month

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ns Asg Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1526 MEDIUM POC This Month

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Social Pug
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-30872 MEDIUM POC This Month

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ns Asg Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.3%
CVE-2024-2263 MEDIUM POC This Month

Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Product Filter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2262 MEDIUM POC This Month

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Product Filter
NVD WPScan
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-31033 MEDIUM This Month

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-20054 MEDIUM This Month

In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-20046 MEDIUM This Month

In battery, there is a possible escalation of privilege due to an integer overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-20044 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-20043 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-20042 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-27609 MEDIUM PATCH This Month

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20055 MEDIUM This Month

In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-20048 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-28895 MEDIUM This Month

'Yahoo!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3130 MEDIUM This Month

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass Apple Information Disclosure Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-26655 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's posix_clock_open() function where allocated pccontext memory is not properly released if the clock operations open() callback returns an error. This affects Linux kernel versions including 6.9-rc1 and potentially earlier releases across all architectures. An unprivileged local attacker with standard user privileges can trigger repeated failed clock open operations to exhaust kernel memory and cause denial of service, though the extremely low EPSS score of 0.01% indicates exploitation in the wild is unlikely despite the vulnerability being patched across multiple kernel versions.

Linux Memory Corruption Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27333 MEDIUM This Month

Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27329 MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27328 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27326 MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27325 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27324 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20047 MEDIUM This Month

In battery, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-25080 MEDIUM This Month

WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-3165 MEDIUM This Month

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dotcms
NVD GitHub
CVSS 3.1
4.5
EPSS
0.5%
CVE-2024-3164 MEDIUM This Month

In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dotcms
NVD GitHub
CVSS 3.1
4.5
EPSS
0.5%
CVE-2024-20052 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20050 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20049 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20041 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-29435 MEDIUM This Month

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Alldata
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy