Skip to main content
CVE-2024-5428 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-33802 MEDIUM POC This Month

A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-34852 MEDIUM POC This Month

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
1.6%
CVE-2024-33804 MEDIUM POC This Month

A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-35583 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-35582 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-35581 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33807 MEDIUM POC This Month

A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-33803 MEDIUM POC This Month

A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35511 MEDIUM POC This Month

phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Men Salon Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-5434 MEDIUM This Month

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-30164 MEDIUM This Month

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-36112 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23580 MEDIUM This Month

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23579 MEDIUM This Month

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-36472 MEDIUM This Month

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-33849 MEDIUM This Month

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28880 MEDIUM This Month

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2451 MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-28061 MEDIUM This Month

An issue was discovered in Apiris Kafeo 6.4.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5413 MEDIUM This Month

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35401 MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-2199 MEDIUM This Month

A denial of service vulnerability was found in 389-ds-base ldap server. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-35400 MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35548 MEDIUM This Month

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35240 MEDIUM PATCH This Month

Umbraco Commerce is an open source dotnet ecommerce solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35239 MEDIUM PATCH This Month

Umbraco Commerce is an open source dotnet web forms solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Forms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28793 MEDIUM This Month

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Workflow Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5433 MEDIUM This Month

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-36107 MEDIUM PATCH This Month

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35621 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-35342 MEDIUM This Month

Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-24584 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libigl
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-24583 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libigl
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy