Skip to main content
CVE-2024-22546 MEDIUM POC This Month

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Tew 815Dap Firmware
NVD
CVSS 3.1
6.4
EPSS
1.5%
CVE-2024-33832 MEDIUM POC This Month

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-33371 MEDIUM POC This Month

Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Dedecms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-33101 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33102 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-33436 MEDIUM POC This Month

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Css Exfil Protection
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-4348 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in osCommerce 4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.3
EPSS
1.8%
CVE-2024-3746 MEDIUM This Month

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-23772 MEDIUM This Month

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-1371 MEDIUM This Month

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0216 MEDIUM This Month

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-34149 MEDIUM This Month

In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-33103 MEDIUM This Month

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2877 MEDIUM This Month

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22405 MEDIUM This Month

XADMaster is an objective-C library for archive and file unarchiving and extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34044 MEDIUM This Month

The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34043 MEDIUM This Month

O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ric App Kpimon Go
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-3072 MEDIUM This Month

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34047 MEDIUM PATCH This Month

O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ric Plt E2Mgr
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy