Skip to main content
CVE-2024-2177 MEDIUM POC This Month

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-6170 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-39181 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6169 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-38963 MEDIUM POC This Month

Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38959 MEDIUM POC This Month

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Academy Lms
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-37830 MEDIUM POC This Month

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Outline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-40742 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-40741 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40740 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40739 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40738 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40737 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40736 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40735 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40734 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40733 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40732 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40731 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40730 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40729 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40728 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40727 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40726 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38972 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6334 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40035 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-39118 MEDIUM POC PATCH This Month

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Advanced Backups
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39031 MEDIUM POC PATCH This Month

In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Silverpeas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-40038 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5802 MEDIUM POC This Month

The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortener
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3410 MEDIUM POC This Month

The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Footer Contacts Bar
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-37520 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2024-38065 MEDIUM PATCH This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-38058 MEDIUM PATCH This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-26184 MEDIUM PATCH This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Authentication Bypass Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +4
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-27386 MEDIUM This Month

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware Exynos 1480 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-27385 MEDIUM This Month

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware Exynos 1480 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-38013 MEDIUM PATCH This Month

Microsoft Windows Server Backup Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-4862 MEDIUM PATCH This Month

The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpbits Addons For Elementor Page Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2024-5992 MEDIUM This Month

The Cliengo - Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21993 MEDIUM This Month

SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Snapcenter
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6237 MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-38105 MEDIUM PATCH This Month

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-38102 MEDIUM PATCH This Month

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-38101 MEDIUM PATCH This Month

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-38048 MEDIUM PATCH This Month

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-38030 MEDIUM PATCH This Month

Windows Themes Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
51.1%
CVE-2024-38027 MEDIUM PATCH This Month

Windows Line Printer Daemon Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-38020 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy