Skip to main content
CVE-2024-38892 MEDIUM POC This Month

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4499 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-34312 MEDIUM POC This Month

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Programming Lab
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-37732 MEDIUM POC THREAT This Month

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Anchor Cms
NVD
CVSS 3.1
6.1
EPSS
16.0%
CVE-2024-37680 MEDIUM POC This Month

Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Finesoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37679 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Finesoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4900 MEDIUM POC This Month

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Seopress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38897 MEDIUM POC This Month

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38896 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-38895 MEDIUM POC This Month

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38894 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-37678 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Command Injection Finesoft
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6280 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-6279 MEDIUM POC This Month

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6278 MEDIUM POC This Month

A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6277 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6276 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1.php of the component Teacher Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6275 MEDIUM POC This Month

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6274 MEDIUM POC This Month

A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-4899 MEDIUM POC This Month

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Seopress
NVD WPScan
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-38903 MEDIUM POC This Month

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Magic R230 Firmware
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2024-6285 MEDIUM PATCH This Month

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Integer Overflow Authentication Bypass Rcar Gen3
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-37681 MEDIUM This Month

An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39337 MEDIUM This Month

Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-36038 MEDIUM This Month

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2024-27136 MEDIUM PATCH This Month

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
59.4%
CVE-2024-24554 MEDIUM This Month

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Bludit
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-22168 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-24553 MEDIUM This Month

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bludit
NVD
CVSS 4.0
5.9
EPSS
0.2%
CVE-2024-24552 MEDIUM This Month

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Session Fixation Bludit
NVD
CVSS 4.0
5.6
EPSS
0.4%
CVE-2024-33847 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: -. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-6104 MEDIUM PATCH This Month

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Retryablehttp
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-39292 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38663 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37026 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37021 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-36479 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35247 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4754 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.6.4.4 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37825 MEDIUM This Month

An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenticated attackers on the same network to perform a. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3264 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-33881 MEDIUM This Month

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Sharepoint Bulk File Download
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-33880 MEDIUM This Month

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Bulk File Download
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34030 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-32936 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-38369 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-37233 MEDIUM This Month

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.Ht: from n/a through 3.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy