Skip to main content
CVE-2024-3428 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3433 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Event Management
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3427 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3426 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6877 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-31306 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Essential Blocks
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31236 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.3.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31348 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31349 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch - Grow your Email List allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailmunch
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31346 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31258 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31257 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31951 MEDIUM PATCH This Month

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31950 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31949 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31948 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-31344 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler - White Label Admin Login Page for WordPress allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-31308 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.9.26. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp Import Export Lite
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22155 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31291 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31296 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.0.81. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bookingpress
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy