Skip to main content
CVE-2024-37081 HIGH POC Act Now

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2024-38348 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38347 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37802 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6128 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spa Cartcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-6116 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-6115 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-6114 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Monbela Tourist Inn Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-6112 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pool Of Bethesda Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6111 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pool Of Bethesda Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6110 MEDIUM POC This Month

A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Magbanua Beach Resort Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-6084 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Pool Of Bethesda Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-6129 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Spa Cartcms
NVD VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-37800 MEDIUM POC This Month

CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Restaurant Reservation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37080 CRITICAL PATCH Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE Memory Corruption Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2024-37079 CRITICAL KEV PATCH THREAT Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE Memory Corruption Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
22.4%
CVE-2024-38351 MEDIUM POC PATCH This Month

Pocketbase is an open source web backend written in go. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37803 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Health Care Hospital Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37799 MEDIUM POC This Month

CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4094 MEDIUM POC This Month

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Share Buttons Adder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6109 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-37821 HIGH PATCH This Week

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection File Upload RCE Dolibarr Erp Crm
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-38276 HIGH PATCH This Week

Incorrect CSRF token checks resulted in multiple CSRF risks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fedora Moodle
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5172 MEDIUM POC This Month

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Expert Invoice
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3276 MEDIUM POC This Month

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Foobox
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-33620 HIGH This Week

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-38506 HIGH This Week

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-36974 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-22002 HIGH This Week

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5275 HIGH This Week

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-5527 HIGH This Week

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE WordPress Business Directory
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-38275 HIGH PATCH This Week

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38505 HIGH This Week

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-6108 MEDIUM This Month

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-1634 MEDIUM This Month

The Scheduling Plugin - Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Scheduling Plugin
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21685 MEDIUM This Month

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Jira Data Center Jira Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-33622 MEDIUM This Month

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0845 MEDIUM This Month

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Pdf Viewer For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4375 MEDIUM This Month

The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Master Slider
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5970 MEDIUM This Month

The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5533 MEDIUM This Month

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Divi
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-34024 MEDIUM This Month

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-38274 MEDIUM PATCH This Month

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37791 MEDIUM This Month

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.0
EPSS
0.6%
CVE-2024-37904 MEDIUM PATCH This Month

Minder is an open source Software Supply Chain Security Platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-5953 MEDIUM This Month

A denial of service vulnerability was found in the 389-ds-base LDAP server. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-36977 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 >= 310a wait. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-36976 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-36975 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38277 MEDIUM PATCH This Month

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy