Skip to main content
CVE-2024-6808 MEDIUM POC This Month

A vulnerability was found in itsourcecode Simple Task List 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Task List
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-38446 MEDIUM POC This Month

NATO NCI ANET 3.4.1 mishandles report ownership. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Advisor Network
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40402 MEDIUM POC This Month

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Library Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-40636 MEDIUM POC PATCH This Month

Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6830 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6803 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Document Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6802 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
9.8%
CVE-2024-6801 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Student Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-6595 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Node.js Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20416 MEDIUM This Month

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-20396 MEDIUM This Month

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Teams
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40617 MEDIUM This Month

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Edgiot Gw1500 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-5582 MEDIUM This Month

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5255 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5254 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5253 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5252 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5251 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-6833 MEDIUM PATCH This Month

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29120 MEDIUM PATCH This Month

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-6669 MEDIUM PATCH This Month

The AI ChatBot for WordPress - WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpbot
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-41010 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-41009 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39126 MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39125 MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39124 MEDIUM PATCH This Month

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32981 MEDIUM PATCH This Month

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28796 MEDIUM This Month

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Clearquest
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39863 MEDIUM PATCH This Month

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-40633 MEDIUM PATCH This Month

Sylius is an Open Source eCommerce Framework on Symfony. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6535 MEDIUM PATCH This Month

A flaw was found in Skupper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Interconnect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20400 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Telepresence Video Communication Server
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-29737 MEDIUM PATCH This Month

In streampark, the project module integrates Maven's compilation capabilities. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Streampark
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-5703 MEDIUM PATCH This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Email Subscribers Newsletters
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6033 MEDIUM PATCH This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventin
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-29885 MEDIUM PATCH This Month

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Reports
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31979 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy