Skip to main content
CVE-2023-50224 MEDIUM KEV THREAT This Month

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability.

NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2024-30851 MEDIUM POC This Month

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Jasmin Ransomware
NVD GitHub
CVSS 3.1
6.5
EPSS
4.6%
CVE-2024-34075 MEDIUM POC PATCH This Month

kurwov is a fast, dependency-free library for creating Markov Chains. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-34449 MEDIUM POC This Month

Vditor 3.10.3 allows XSS via an attribute of an A element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4439 MEDIUM POC PATCH THREAT This Month

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
70.8%
CVE-2024-3692 MEDIUM POC This Month

The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenverse
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3637 MEDIUM POC This Month

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Lead Form Elementor Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-34401 MEDIUM POC This Month

Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Savsoft Quiz
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33793 MEDIUM POC This Month

netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mex605 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34408 MEDIUM POC PATCH This Month

Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Libpag
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-3703 MEDIUM POC This Month

The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-33791 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mex605 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-34404 MEDIUM This Month

A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-1395 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-33935 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33932 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33945 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog - Elementor Blog And Magazine Addons allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.1.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33927 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team GIPHY Giphypress allows Stored XSS.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-33926 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-33916 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MachoThemes CPO Companion allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-33931 MEDIUM This Month

Missing Authorization vulnerability in ilGhera JW Player for WordPress.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-33919 MEDIUM This Month

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-34068 MEDIUM PATCH This Month

Pterodactyl wings is the server control plane for Pterodactyl Panel. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wings
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-33923 MEDIUM This Month

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.69. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-3109 MEDIUM This Month

A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-34067 MEDIUM PATCH This Month

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-33943 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.9.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-33940 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashan Jay EventON allows Stored XSS.2.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32831 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-33918 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.23. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-23914 MEDIUM This Month

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-48703 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-3108 MEDIUM This Month

An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-33941 MEDIUM This Month

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-33929 MEDIUM This Month

Missing Authorization vulnerability in wpWax Directorist.8.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-33920 MEDIUM This Month

Missing Authorization vulnerability in Kama Democracy Poll.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-25457 MEDIUM This Month

Missing Authorization vulnerability in Richteam Slider Carousel - Responsive Image Slider.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-28072 MEDIUM This Month

A highly privileged account can overwrite arbitrary files on the system with log output. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-33914 MEDIUM This Month

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.6.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33921 MEDIUM This Month

Broken Access Control vulnerability in ReviewX.6.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Reviewx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33937 MEDIUM This Month

Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33925 MEDIUM This Month

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33915 MEDIUM This Month

Missing Authorization vulnerability in Bowo Debug Log Manager.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24710 MEDIUM This Month

Missing Authorization vulnerability in SlickRemix Feed Them Social.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-44472 MEDIUM This Month

Missing Authorization vulnerability in ThemeFuse Unyson.7.28. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Unyson
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34453 MEDIUM This Month

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23913 MEDIUM This Month

Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-23912 MEDIUM This Month

Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft
NVD
CVSS 3.1
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy