Skip to main content
CVE-2024-31612 MEDIUM POC This Month

Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Emlog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-36531 MEDIUM POC This Month

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Egovernment Nukeviet
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-31613 MEDIUM POC This Month

BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bosscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37169 MEDIUM POC PATCH This Month

@jmondi/url-to-png is a self-hosted URL to PNG utility. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-3850 MEDIUM POC This Month

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nvr301 04S2 P4 Firmware
NVD GitHub
CVSS 4.0
4.8
EPSS
0.9%
CVE-2024-27838 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-27830 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27850 MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-27812 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-27800 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-36414 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-36407 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35754 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ovic Importer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-35744 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Upunzipper
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35743 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sc Filechecker
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35474 MEDIUM This Month

A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-5786 MEDIUM This Month

Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-27885 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-27840 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-4745 MEDIUM This Month

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.12.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rafflepress
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-22244 MEDIUM PATCH This Month

Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Harbor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36419 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Suitecrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-27792 MEDIUM This Month

This issue was addressed by adding an additional prompt for user consent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27844 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari macOS Visionos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27806 MEDIUM This Month

This issue was addressed with improved environment sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27805 MEDIUM This Month

An issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23282 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36307 MEDIUM This Month

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-36306 MEDIUM This Month

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-36359 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36413 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36406 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35729 MEDIUM This Month

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.5.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35680 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-37168 MEDIUM PATCH This Month

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-36473 MEDIUM This Month

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions. Rated medium severity (CVSS 5.3). No vendor patch available.

Trend Micro Denial Of Service Vpn Proxy One
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-35749 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Under Construction Maintenance Mode
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35747 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Contact Form Builder
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-35728 MEDIUM This Month

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.0.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress Product Addons Fields For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35650 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.3.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-35712 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Database Cleaner
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-23251 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-35723 MEDIUM This Month

Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-27807 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4746 MEDIUM This Month

Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.9.32. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33850 MEDIUM This Month

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy