Skip to main content
CVE-2024-6745 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Ticket Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6740 MEDIUM POC This Month

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-6289 MEDIUM POC This Month

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Wps Hide Login
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-6076 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6074 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6073 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6072 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6739 MEDIUM POC This Month

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mailaudit Mailgates
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6746 MEDIUM POC This Month

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Easyspider
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.3%
CVE-2024-6741 MEDIUM POC This Month

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6736 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6735 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6734 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-39826 MEDIUM This Month

Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-37016 MEDIUM This Month

Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-38493 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Privileged Access Management
NVD
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-39767 MEDIUM This Month

Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-27238 MEDIUM This Month

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-5402 MEDIUM This Month

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Mint Workbench
NVD
CVSS 4.0
6.2
EPSS
0.2%
CVE-2024-40627 MEDIUM PATCH This Month

Fastapi OPA is an opensource fastapi middleware which includes auth flow. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-39827 MEDIUM This Month

Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Workplace Desktop
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4224 MEDIUM This Month

An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6742 MEDIUM This Month

AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Space Management System
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39735 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39728 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39912 MEDIUM PATCH This Month

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40555 MEDIUM This Month

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Tmall Demo
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-38495 MEDIUM This Month

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-36457 MEDIUM This Month

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-6398 MEDIUM This Month

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-32945 MEDIUM This Month

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6540 MEDIUM This Month

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6738 MEDIUM This Month

The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tronclass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39741 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-39740 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39737 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38496 MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-36458 MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-39820 MEDIUM This Month

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Workplace Desktop
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-38360 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-40553 MEDIUM This Month

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Tmall Demo
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-39821 MEDIUM This Month

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Microsoft Rooms Workplace Desktop
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-40630 MEDIUM This Month

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39918 MEDIUM PATCH This Month

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-39729 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39739 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37386 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-31946 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy