Skip to main content
CVE-2024-5984 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-5983 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-37889 MEDIUM POC PATCH This Month

MyFinances is a web application for managing finances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Myfinances
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-1295 MEDIUM POC This Month

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure The Events Calendar
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37312 MEDIUM POC PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-36599 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Life Insurance Management System
NVD Exploit-DB GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36656 MEDIUM POC This Month

In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Minthcm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5155 MEDIUM POC This Month

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Inquiry Cart
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4480 MEDIUM POC This Month

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Prayer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-3966 MEDIUM POC This Month

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pray For Me
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-4270 MEDIUM POC This Month

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Svgmagic
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3978 MEDIUM POC This Month

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Jitsi Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3965 MEDIUM POC This Month

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Pray For Me
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-5985 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Online News Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5981 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online House Rental System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online House Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4005 MEDIUM POC This Month

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Pixel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3992 MEDIUM POC This Month

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Amen
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3977 MEDIUM POC This Month

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Jitsi Shortcode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3754 MEDIUM POC This Month

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Alemha Watermark
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-4271 MEDIUM POC This Month

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Svgator
NVD WPScan
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-3993 MEDIUM POC This Month

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Azan
NVD WPScan
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-2218 MEDIUM POC This Month

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Luckywp Table Of Contents
NVD WPScan
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-4751 MEDIUM POC This Month

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Prayer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3972 MEDIUM POC This Month

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Similarity
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3971 MEDIUM POC This Month

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Similarity
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2122 MEDIUM PATCH This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Foogallery
NVD
CVSS 3.1
6.4
EPSS
5.1%
CVE-2024-6003 MEDIUM This Month

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-5731 MEDIUM This Month

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-27157 MEDIUM This Month

The sessions are stored in clear-text logs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-27156 MEDIUM This Month

The session cookies, used for authentication, are stored in clear-text logs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-27180 MEDIUM This Month

An attacker with admin access can install rogue applications. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-27146 MEDIUM This Month

The Toshiba printers do not implement privileges separation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-27163 MEDIUM This Month

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4863 MEDIUM PATCH This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5994 MEDIUM This Month

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Wp Go Maps
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-33373 MEDIUM This Month

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bl W1210M Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-27161 MEDIUM This Month

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-27160 MEDIUM This Month

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-27159 MEDIUM This Month

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-27154 MEDIUM This Month

Passwords are stored in clear-text logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-37888 MEDIUM This Month

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Link
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-23442 MEDIUM This Month

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37182 MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27162 MEDIUM This Month

Toshiba printers provide a web interface that will load the JavaScript file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
21.2%
CVE-2024-27142 MEDIUM This Month

Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-27141 MEDIUM This Month

Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2024-25142 MEDIUM PATCH This Month

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5465 MEDIUM This Month

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36503 MEDIUM This Month

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36502 MEDIUM This Month

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy