Skip to main content
CVE-2024-5976 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5947 MEDIUM POC This Month

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dse855 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2024-3032 MEDIUM POC This Month

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-33253 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Openeclass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37308 MEDIUM POC PATCH This Month

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Cooked
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36647 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2762 MEDIUM POC This Month

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Foogallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37309 MEDIUM POC PATCH This Month

CrateDB is a distributed SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Cratedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-4149 MEDIUM POC This Month

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Floating Chat Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0979 MEDIUM PATCH This Month

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Dashboard Widgets Suite
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2024-4615 MEDIUM This Month

The Elespare - Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elespare
NVD
CVSS 3.1
6.4
EPSS
1.1%
CVE-2024-5265 MEDIUM This Month

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpbakery Page Builder Clipboard WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-0103 MEDIUM This Month

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nvidia Triton Inference Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5952 MEDIUM This Month

Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dse855 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5951 MEDIUM This Month

Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dse855 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-5949 MEDIUM This Month

Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dse855 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-38312 MEDIUM This Month

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-36588 MEDIUM This Month

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37307 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-5787 MEDIUM PATCH This Month

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Powerpack Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5757 MEDIUM PATCH This Month

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Header Footer Blocks Template Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-1565 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-32918 MEDIUM This Month

Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-36395 MEDIUM This Month

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Workforce Optimization
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36216 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32856 MEDIUM This Month

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-5661 MEDIUM This Month

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Citrix Xenserver Hypervisor
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-32916 MEDIUM This Month

In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32897 MEDIUM This Month

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-0094 MEDIUM This Month

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0093 MEDIUM This Month

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Virtual Gpu Cloud Gaming
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0092 MEDIUM This Month

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft Gpu Display Driver Virtual Gpu +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0086 MEDIUM This Month

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Nvidia Denial Of Service Virtual Gpu Cloud Gaming
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32930 MEDIUM This Month

In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32926 MEDIUM This Month

there is a possible information disclosure due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32914 MEDIUM This Month

In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32912 MEDIUM This Month

there is a possible persistent Denial of Service due to test/debugging code left in a production build. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32910 MEDIUM This Month

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32893 MEDIUM This Month

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29785 MEDIUM This Month

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29780 MEDIUM This Month

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37877 MEDIUM This Month

UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-34130 MEDIUM PATCH This Month

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Adobe Google Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-34113 MEDIUM PATCH This Month

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Coldfusion
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-30472 MEDIUM This Month

Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2024-30278 MEDIUM This Month

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Media Encoder
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-30285 MEDIUM This Month

Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Audition
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-30276 MEDIUM This Month

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Audition
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-30058 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-30057 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft Edge
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy