Skip to main content
CVE-2024-33752 MEDIUM POC This Month

An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
4.6%
CVE-2024-34250 MEDIUM POC This Month

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br". Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-4527 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4526 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4525 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4524 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4523 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4522 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4521 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4519 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4518 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4517 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4516 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4515 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4514 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4513 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-33407 MEDIUM POC This Month

SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-0904 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Fancy Product Designer
NVD WPScan
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-34472 MEDIUM POC This Month

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mailinspector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-34471 MEDIUM POC This Month

An issue was discovered in HSC Mailinspector 5.2.17-3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mailinspector
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-33111 MEDIUM POC This Month

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP XSS Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-33829 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-3755 MEDIUM POC This Month

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mf Gig Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3752 MEDIUM POC This Month

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Crelly Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4512 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-33113 MEDIUM POC This Month

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-34525 MEDIUM POC This Month

FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filecodebox
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-4528 MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-20059 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20056 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rdk B Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20021 MEDIUM This Month

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33576 MEDIUM This Month

Missing Authorization vulnerability in Ollybach WPPizza.18.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34376 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34381 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Propertyhive
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34390 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Grid Master
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34374 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementsready
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34380 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-34373 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23188 MEDIUM This Month

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-6854 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-33121 MEDIUM This Month

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-4511 MEDIUM This Month

A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-34078 MEDIUM PATCH This Month

html-sanitizer is an allowlist-based HTML cleaner. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23187 MEDIUM This Month

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23186 MEDIUM This Month

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-33600 MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc Debian Linux Active Iq Unified Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34413 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.1.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34375 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.7.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34366 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS.3.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-20060 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy