Skip to main content
CVE-2024-5384 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Facebook News Feed Like
NVD VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-4533 MEDIUM POC This Month

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Kkprogressbar2
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4532 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4530 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-4534 MEDIUM POC This Month

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Kkprogressbar2
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-3939 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5397 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5396 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5395 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5394 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5393 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5392 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5391 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5390 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4529 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-35236 MEDIUM POC PATCH This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Microsoft Audiobookshelf
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-32978 MEDIUM PATCH This Month

Kaminari is a paginator for web app frameworks and object relational mappings. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-27310 MEDIUM This Month

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Information Disclosure Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2024-5406 MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via index page in from, subject, text and hash parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5405 MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis PHP XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-34923 MEDIUM This Month

In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5409 MEDIUM This Month

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5408 MEDIUM This Month

Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35291 MEDIUM This Month

Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Splunk
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36384 MEDIUM This Month

Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36037 MEDIUM This Month

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-36105 MEDIUM PATCH This Month

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-35238 MEDIUM PATCH This Month

Minder by Stacklok is an open source software supply chain security platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35229 MEDIUM This Month

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-36383 MEDIUM This Month

An issue was discovered in Logpoint SAML Authentication before 6.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml Authentication
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5385 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Car Wash Booking System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-35297 MEDIUM This Month

Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-36036 MEDIUM This Month

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration. Rated medium severity (CVSS 4.2). No vendor patch available.

Authentication Bypass Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
4.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy