Skip to main content
CVE-2024-3437 MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-1588 MEDIUM POC This Month

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sendpress
NVD WPScan
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-31805 MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1956 MEDIUM POC This Month

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1752 MEDIUM POC This Month

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Font Farsi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1589 MEDIUM POC This Month

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sendpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27631 MEDIUM POC PATCH This Month

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Savane
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-31221 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Session Fixation Information Disclosure Sunshine
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-3463 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3443 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30269 MEDIUM POC THREAT This Month

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dataease
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
16.0%
CVE-2024-1958 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1292 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-2511 MEDIUM This Month

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
4.1%
CVE-2024-23584 MEDIUM This Month

The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-28224 MEDIUM PATCH This Month

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ollama
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-31357 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0083 MEDIUM This Month

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Information Disclosure Denial Of Service XSS +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31812 MEDIUM This Month

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31806 MEDIUM This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23079 MEDIUM This Month

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-23192 MEDIUM This Month

RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26811 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-31375 MEDIUM This Month

Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31205 MEDIUM PATCH This Month

Saleor is an e-commerce platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-23191 MEDIUM This Month

Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-23190 MEDIUM This Month

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-23189 MEDIUM This Month

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3434 MEDIUM This Month

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-31447 MEDIUM PATCH This Month

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-3444 MEDIUM This Month

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-23658 MEDIUM This Month

In camera driver, there is a possible use after free due to a logic error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy