Skip to main content
CVE-2024-5570 MEDIUM POC This Month

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simple Photoswipe
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38522 MEDIUM POC PATCH This Month

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Hush Line
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5737 MEDIUM POC This Month

Script afGdStream.php in AdmirorFrames Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP XSS Admirorframes
NVD GitHub
CVSS 4.0
6.3
EPSS
1.1%
CVE-2024-5735 MEDIUM POC This Month

Full Path Disclosure vulnerability in AdmirorFrames Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Admirorframes
NVD GitHub
CVSS 4.0
6.3
EPSS
1.5%
CVE-2024-38521 MEDIUM POC This Month

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hush Line
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5730 MEDIUM POC This Month

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagerank Tools
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5729 MEDIUM POC This Month

The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Al Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-37741 MEDIUM POC This Month

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplc V3 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5728 MEDIUM POC This Month

The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Animated Al List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-5727 MEDIUM POC This Month

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Widget4Call
NVD WPScan
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-38533 MEDIUM This Month

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35156 MEDIUM This Month

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25031 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-35155 MEDIUM This Month

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5662 MEDIUM This Month

The Ultimate Post Kit Addons For Elementor - (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5796 MEDIUM This Month

The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5788 MEDIUM This Month

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-6296 MEDIUM This Month

The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5925 MEDIUM This Month

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5922 MEDIUM This Month

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5424 MEDIUM This Month

The Gallery Blocks with Lightbox. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-35137 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker Security Access Manager
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-39828 MEDIUM This Month

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3801 MEDIUM This Month

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S M Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3800 MEDIUM This Month

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S M Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-30109 MEDIUM This Month

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dryice Aex
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25053 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Analytics
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-39347 MEDIUM This Month

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-35139 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Access Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37137 MEDIUM This Month

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Cloudlink
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-2795 MEDIUM This Month

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-5863 MEDIUM This Month

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-25041 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-39352 MEDIUM This Month

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-6288 MEDIUM This Month

The Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS Google
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-38518 MEDIUM This Month

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-5864 MEDIUM This Month

The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy