Skip to main content
CVE-2024-6368 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6367 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-4664 MEDIUM POC This Month

The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Chat App
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5655 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
7.5%
CVE-2024-39153 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-6085 HIGH This Week

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2024-4578 HIGH This Week

This Advisory describes an issue that impacts Arista Wireless Access Points. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-39133 MEDIUM POC This Month

Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Zziplib
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-6086 MEDIUM POC This Month

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1330 MEDIUM POC This Month

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Kadence Blocks Pro
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39207 HIGH This Week

lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-39157 LOW POC Monitor

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-39156 LOW POC Monitor

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-39130 HIGH This Week

A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38523 HIGH This Week

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass XSS CSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-3043 HIGH This Week

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31916 HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24792 HIGH PATCH This Week

Parsing a corrupt or malicious image with invalid color indices can cause a panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6323 HIGH This Week

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5824 HIGH PATCH This Week

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.0
7.4
EPSS
0.4%
CVE-2024-4395 HIGH This Week

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Apple
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-6139 HIGH This Week

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2024-36074 HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-36073 HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-36755 MEDIUM This Month

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

D-Link Information Disclosure Dir 1950 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-22260 MEDIUM This Month

VMware Workspace One UEM update addresses an information exposure vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-3331 MEDIUM This Month

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-5642 MEDIUM This Month

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-39132 MEDIUM This Month

A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-36075 MEDIUM This Month

The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3017 MEDIUM This Month

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4557 MEDIUM This Month

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3959 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1493 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4983 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress The Plus Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5289 MEDIUM This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-6262 MEDIUM This Month

The Portfolio Gallery - Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5601 MEDIUM PATCH This Month

The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Create
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4570 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Addon Elements Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4569 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Addon Elements Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-39209 MEDIUM This Month

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
CVSS 3.1
6.3
EPSS
1.0%
CVE-2024-31802 MEDIUM This Month

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-31883 MEDIUM This Month

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Denial Of Service Security Verify Access
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-6388 MEDIUM PATCH This Month

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Ubuntu Advantage Desktop Daemon
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-1816 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-6283 MEDIUM This Month

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Dethemekit For Elementor Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4901 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
32.8%
CVE-2024-22276 MEDIUM This Month

VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-39129 MEDIUM This Month

Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6374 MEDIUM This Month

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic.php of the component Subject Page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy