Skip to main content
CVE-2024-5065 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5064 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5063 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5047 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Student Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-5046 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5045 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Online Birth Certificate Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-2697 MEDIUM POC This Month

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Swift Framework
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5044 MEDIUM POC This Month

A vulnerability was found in Emlog Pro 2.3.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emlog
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2024-3580 MEDIUM POC This Month

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup4Phone
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3231 MEDIUM POC This Month

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup4Phone
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-46197 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.10.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.1% and no vendor patch available.

Path Traversal Popup
NVD
CVSS 3.1
5.3
EPSS
23.1%
CVE-2024-34959 MEDIUM POC This Month

DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-35110 MEDIUM POC This Month

A reflected XSS vulnerability has been found in YzmCMS 7.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yzmcms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Men S Salon Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5066 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5051 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gas Agency Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5049 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-5048 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Budget Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5043 MEDIUM POC This Month

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Emlog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-34241 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Lms
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-2744 MEDIUM POC This Month

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nextgen Gallery
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-35843 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-23583 MEDIUM This Month

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Bigfix Platform
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-22429 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Edge Gateway 5000 Firmware Precision 5820 Tower Firmware Edge Gateway 3000 Firmware +47
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-5042 MEDIUM PATCH This Month

A flaw was found in the Submariner project. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-34757 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless borderless allows DOM-Based XSS.7.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32800 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-34567 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25742 MEDIUM This Month

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. Rated medium severity (CVSS 6.5). No vendor patch available.

Code Injection Amd Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-5072 MEDIUM This Month

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-34434 MEDIUM This Month

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.3.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30509 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24715 MEDIUM This Month

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4789 MEDIUM This Month

Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-35853 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-31281 MEDIUM PATCH This Month

Missing Authorization vulnerability in andy_moyle Church Admin church-admin.1.6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-31974 MEDIUM This Month

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-35312 MEDIUM PATCH This Month

In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-23522 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Formidable Forms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27402 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. Rated medium severity (CVSS 5.8).

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-27436 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-35828 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-52658 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's MLX5 network driver switchdev mode implementation, caused by a problematic commit (662404b24a4c4d839839ed25e3097571f5938b9b) that was reverted due to suspected instability and system crashes. Local attackers with low privileges can trigger this vulnerability to cause system unavailability or kernel crashes without user interaction. The vulnerability affects Linux kernel versions 6.3 through 6.8-rc1, with an EPSS score of 0.02% indicating low exploitation probability in the wild, though patches are available from the kernel maintainers.

Linux Denial Of Service Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27431 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35815 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35813 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35811 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 :. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Broadcom Linux +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35807 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35805 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35859 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy