Skip to main content
CVE-2024-28397 MEDIUM POC This Month

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
4.5%
CVE-2024-6196 MEDIUM POC This Month

A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Banking Management System Project In Php
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6193 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System Project In Php And Mysql With Source Code
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-6192 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6191 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6190 MEDIUM POC This Month

A vulnerability was found in itsourcecode Farm Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farm Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6188 MEDIUM POC This Month

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2024-6113 MEDIUM POC This Month

A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Monbela Tourist Inn Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-3558 MEDIUM POC This Month

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Field Suite
NVD GitHub
CVSS 3.1
6.4
EPSS
0.9%
CVE-2024-5522 MEDIUM POC This Month

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Html5 Video Player
NVD WPScan
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-4565 MEDIUM POC This Month

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Advanced Custom Fields
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5213 MEDIUM POC PATCH This Month

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31586 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-37674 MEDIUM POC This Month

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Moodle
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-5475 MEDIUM POC This Month

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Video Embed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-38361 MEDIUM POC PATCH This Month

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6195 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6194 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6187 MEDIUM POC This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.6%
CVE-2024-6186 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.7%
CVE-2024-6185 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.1%
CVE-2024-6184 MEDIUM POC This Month

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.7%
CVE-2024-6182 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labvantage Lims
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6181 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labvantage Lims
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-37183 MEDIUM This Month

Plain text credentials and session ID can be captured with a network sniffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-6183 MEDIUM This Month

A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ez Partner
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-6154 MEDIUM This Month

Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-4742 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-4390 MEDIUM This Month

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Depicter
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3204 MEDIUM PATCH This Month

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Materialis
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38359 MEDIUM PATCH This Month

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-29013 MEDIUM This Month

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5036 MEDIUM PATCH This Month

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sina Extension For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4626 MEDIUM This Month

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Jetwidgets For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5686 MEDIUM This Month

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpzoom Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1168 MEDIUM This Month

The SEOPress - On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Seopress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5156 MEDIUM This Month

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-36071 MEDIUM This Month

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Samsung Microsoft Magician
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-33335 MEDIUM This Month

SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE SQLi
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-30848 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37222 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Master Slider
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38619 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-38620 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3627 MEDIUM This Month

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Wheel Of Life
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-37897 MEDIUM PATCH This Month

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37345 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37343 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34693 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-37346 MEDIUM This Month

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Access
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-6179 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy