Skip to main content
CVE-2024-4966 MEDIUM POC This Month

A vulnerability was found in SourceCodester SchoolWebTech 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolwebtech
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-3642 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Newsletter Popup
NVD WPScan
CVSS 3.1
6.9
EPSS
0.3%
CVE-2024-4929 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-4927 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-4920 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-34958 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-3641 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Popup
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-34957 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4263 MEDIUM POC PATCH This Month

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Mlflow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3851 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privategpt
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4975 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4974 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4973 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4972 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4968 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Interactive Map With Marker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4967 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Interactive Map With Marker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4946 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4945 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Best Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-4933 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4932 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4931 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0.php?page=view_udet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4930 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4928 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4926 MEDIUM POC This Month

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Intramurals Student Attendance Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4925 MEDIUM POC This Month

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Intramurals Student Attendance Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4923 MEDIUM POC This Month

A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4922 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Image Stack Website
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-4921 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4919 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Examination System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Examination System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-3644 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-22379 MEDIUM This Month

Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21843 MEDIUM This Month

Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21841 MEDIUM This Month

Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21828 MEDIUM This Month

Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7). No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21818 MEDIUM This Month

Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21774 MEDIUM This Month

Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-4279 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34760 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22015 MEDIUM This Month

Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34805 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4984 MEDIUM This Month

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4391 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4478 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-3134 MEDIUM This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Master Addons
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4546 MEDIUM This Month

The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4385 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4580 MEDIUM PATCH This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Master Addons
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4634 MEDIUM PATCH This Month

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Header Footer Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4617 MEDIUM This Month

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4288 MEDIUM PATCH This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simply Schedule Appointments
NVD
CVSS 3.1
6.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy