Skip to main content
CVE-2024-6065 MEDIUM POC This Month

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bakery Online Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6043 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.9%
CVE-2024-6042 MEDIUM POC This Month

A vulnerability was found in itsourcecode Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-4305 MEDIUM POC This Month

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Postx
NVD WPScan
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-37891 MEDIUM POC PATCH This Month

urllib3 is a user-friendly HTTP client library for Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Urllib3 Debian Linux Active Iq Unified Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-36527 MEDIUM POC This Month

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-6056 MEDIUM POC This Month

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Laravel Starter
NVD VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-37662 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-37661 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-38469 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-38470 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37625 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37624 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37623 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37622 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37619 MEDIUM POC This Month

StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Strongshop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37798 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Parlour Management System
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-37895 MEDIUM POC PATCH This Month

Lobe Chat is an open-source LLMs/AI chat framework. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lobe Chat
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-3236 MEDIUM POC This Month

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6067 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Class Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6066 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6058 MEDIUM POC This Month

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-37664 MEDIUM POC This Month

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redmi Ax6S Firmware
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2024-6059 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Estate Management
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-6064 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6063 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6062 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6061 MEDIUM POC PATCH This Month

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-37663 MEDIUM POC This Month

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redmi Ax6S Firmware
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2024-37159 MEDIUM PATCH This Month

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Evmos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6044 MEDIUM This Month

Certain models of D-Link wireless routers have a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-36574 MEDIUM This Month

A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-37620 MEDIUM This Month

PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /view/admin/view.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37893 MEDIUM PATCH This Month

Firefly III is a free and open source personal finance manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-36578 MEDIUM This Month

akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-5741 MEDIUM This Month

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36289 MEDIUM This Month

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-36279 MEDIUM This Month

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-36277 MEDIUM This Month

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Google Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6082 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46.global.php of the component Global Options Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Phpvibe
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-37828 MEDIUM This Month

A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6055 MEDIUM This Month

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
4.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy