Skip to main content
CVE-2024-31804 MEDIUM POC This Month

An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-33213 MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4075 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Furniture Shopping Ecommerce Website
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4074 MEDIUM POC This Month

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Furniture Shopping Ecommerce Website
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-30800 MEDIUM POC PATCH This Month

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.

Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-4073 MEDIUM POC This Month

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Furniture Shopping Ecommerce Website
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-4072 MEDIUM POC This Month

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Furniture Shopping Ecommerce Website
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30886 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hadsky
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32869 MEDIUM POC PATCH This Month

Hono is a Web application framework that provides support for any JavaScript runtime. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Hono
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-3185 MEDIUM This Month

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-3911 MEDIUM This Month

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2798 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3665 MEDIUM PATCH This Month

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seo
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2799 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2477 MEDIUM PATCH This Month

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpdiscuz
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3491 MEDIUM This Month

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3732 MEDIUM PATCH This Month

The GeoDirectory - WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Geodirectory
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3889 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-32875 MEDIUM PATCH This Month

Hugo is a static site generator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26922 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-2760 MEDIUM This Month

Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1241 MEDIUM This Month

Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-31857 MEDIUM This Month

Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Forminator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-32679 MEDIUM This Month

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.7.16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-21979 MEDIUM This Month

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Amd Memory Corruption
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21972 MEDIUM This Month

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Amd Memory Corruption
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-28890 MEDIUM This Month

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

File Upload Forminator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-4031 MEDIUM This Month

Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0900 MEDIUM This Month

The Elespare - Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-3664 MEDIUM This Month

The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy