Skip to main content
CVE-2024-4818 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Laundry Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-34946 MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-34245 MEDIUM POC This Month

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dedecms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-34206 MEDIUM POC This Month

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-34202 MEDIUM POC This Month

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-33774 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33773 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33771 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33454 MEDIUM POC This Month

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-4107 MEDIUM POC This Month

The Elementor Website Builder - More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Website Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-35012 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-34698 MEDIUM POC PATCH This Month

FreeScout is a free, self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Prototype Pollution XSS Freescout
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-4768 MEDIUM POC This Month

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-4860 MEDIUM POC This Month

The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rss Aggregator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3590 MEDIUM POC This Month

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Letterpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-34697 MEDIUM POC PATCH This Month

FreeScout is a free, self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Freescout
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-34230 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-34225 MEDIUM POC This Month

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP XSS RCE Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2299 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS CSRF Lollms Web Ui
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24157 MEDIUM POC This Month

Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32354 MEDIUM POC This Month

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.0
EPSS
1.0%
CVE-2024-32349 MEDIUM POC This Month

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.0
EPSS
0.9%
CVE-2024-4775 MEDIUM POC This Month

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-4772 MEDIUM POC This Month

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34222 MEDIUM POC This Month

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-2749 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Vikbooking Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-33772 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime.". Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-4444 MEDIUM POC This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Learnpress
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-3241 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35011 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34243 MEDIUM POC This Month

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Konga
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3239 MEDIUM POC This Month

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Postx
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-34899 MEDIUM POC PATCH This Month

WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34709 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4820 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2024-4819 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Laundry Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Online Laundry Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4817 MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Laundry Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-4809 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Open Source Clinic Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2024-4808 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4807 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4806 MEDIUM POC This Month

A vulnerability classified as critical was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4805 MEDIUM POC This Month

A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4804 MEDIUM POC This Month

A vulnerability was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4803 MEDIUM POC This Month

A vulnerability was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4802 MEDIUM POC This Month

A vulnerability was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4801 MEDIUM POC This Month

A vulnerability was found in Kashipara College Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4800 MEDIUM POC This Month

A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4799 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP College Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-4798 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy