Skip to main content
CVE-2024-4559 MEDIUM POC This Month

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-4595 MEDIUM POC This Month

A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-33783 MEDIUM POC This Month

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-33780 MEDIUM POC This Month

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2913 MEDIUM POC This Month

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Anythingllm
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2024-34397 MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glib Debian Linux Fedora Ontap Tools
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2024-4594 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-32369 MEDIUM POC This Month

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mailinspector
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-4593 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4592 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4591 MEDIUM POC This Month

A vulnerability classified as problematic has been found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4590 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4589 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4588 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4587 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7 and classified as problematic.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4586 MEDIUM POC This Month

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4585 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-20865 MEDIUM This Month

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-4601 MEDIUM This Month

An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20863 MEDIUM This Month

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20862 MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20861 MEDIUM This Month

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20866 MEDIUM This Month

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-23551 MEDIUM This Month

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23709 MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-34517 MEDIUM PATCH This Month

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neo4j
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-33860 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siem
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4596 MEDIUM PATCH This Month

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kimai
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-31456 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
59.1%
CVE-2023-31234 MEDIUM This Month

Missing Authorization vulnerability in Tilda Publishing.3.23. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-33122 MEDIUM This Month

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-33859 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-29209 MEDIUM This Month

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Microsoft
NVD
CVSS 3.0
6.0
EPSS
0.4%
CVE-2024-23712 MEDIUM PATCH This Month

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0027 MEDIUM PATCH This Month

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0026 MEDIUM PATCH This Month

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0022 MEDIUM PATCH This Month

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3757 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-31078 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20870 MEDIUM This Month

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20869 MEDIUM This Month

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20867 MEDIUM This Month

Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20864 MEDIUM This Month

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20859 MEDIUM This Month

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20858 MEDIUM This Month

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20857 MEDIUM This Month

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34341 MEDIUM PATCH This Month

Trix is a rich text editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-33161 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-33858 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Siem
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-33856 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siem
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy