Skip to main content
CVE-2024-2322 MEDIUM POC This Month

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Cart Abandonment Recovery
NVD WPScan
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-3270 MEDIUM POC This Month

A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Thingsboard
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31008 MEDIUM POC This Month

An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Wuzhicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31009 MEDIUM POC This Month

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-3225 MEDIUM POC This Month

A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24506 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Limesurvey
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-31013 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26495 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Friendica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-30570 MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-27201 MEDIUM POC This Month

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-24976 MEDIUM POC This Month

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-22178 MEDIUM POC This Month

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-21870 MEDIUM POC This Month

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-28589 MEDIUM This Month

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-28755 MEDIUM This Month

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mbed Tls
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-26768 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-20347 MEDIUM This Month

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Emergency Responder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-28275 MEDIUM This Month

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-26690 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in <linux/u64_stats_sync.h>, write side of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31420 MEDIUM This Month

A NULL pointer dereference flaw was found in KubeVirt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27254 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25046 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-22360 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-28782 MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1327 MEDIUM This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Jeg Elementor Kit Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2758 MEDIUM This Month

Tempesta FW rate limits are not enabled by default. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
72.8%
CVE-2024-27706 MEDIUM This Month

Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20362 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20310 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20282 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nexus Dashboard
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-27346 MEDIUM This Month

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27343 MEDIUM This Month

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27336 MEDIUM This Month

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-26779 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26778 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26777 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26776 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26775 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26774 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26773 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26772 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26771 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26770 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Add missing null pointer checks to LED initialization devm_kasprintf() returns a pointer to dynamically. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Nvidia Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26767 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26766 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26765 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26762 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26761 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26760 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26759 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy