Skip to main content
CVE-2024-32228 MEDIUM POC This Month

FFmpeg 7.0 is vulnerable to Buffer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-36990 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-39853 MEDIUM POC This Month

adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38997 MEDIUM POC This Month

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39002 MEDIUM POC This Month

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service Jsonic
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-39001 MEDIUM POC PATCH This Month

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Ag Grid Ag Charts
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-37146 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37145 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-36423 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36422 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38953 MEDIUM POC This Month

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpok
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-4934 MEDIUM POC This Month

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-37764 MEDIUM POC This Month

MachForm up to version 19 is affected by an authenticated stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Machform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-37763 MEDIUM POC This Month

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Machform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-36993 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6419 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Medicine Tracker System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6130 MEDIUM POC This Month

The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-20399 MEDIUM KEV THREAT This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.

NVD
CVSS 3.1
6.0
EPSS
0.8%
CVE-2024-20081 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20079 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-36987 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk File Upload Cloud
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6375 MEDIUM PATCH This Month

A command for refining a collection shard key is missing an authorization check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21460 MEDIUM This Month

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm8550 Firmware Qcs8550 Firmware +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-39000 MEDIUM This Month

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-39018 MEDIUM This Month

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-38990 MEDIUM This Month

Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-38987 MEDIUM This Month

aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-39430 MEDIUM This Month

In faceid servive, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-39429 MEDIUM This Month

In faceid servive, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-36986 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-21462 MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +305
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39310 MEDIUM This Month

The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23737 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian S Notify
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-39303 MEDIUM PATCH This Month

Weblate is a web based localization tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Weblate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36994 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36992 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39313 MEDIUM PATCH This Month

toy-blog is a headless content management system implementation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Toy Blog
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39879 MEDIUM This Month

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-39878 MEDIUM This Month

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-36996 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6050 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sowa Opac
NVD
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-34696 MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-3122 MEDIUM This Month

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-39314 MEDIUM This Month

toy-blog is a headless content management system implementation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-39428 MEDIUM This Month

In trusty service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39427 MEDIUM This Month

In trusty service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-36989 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-38480 MEDIUM This Month

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
CVSS 3.1
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy