Skip to main content
CVE-2024-6966 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-41315 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-41314 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-39688 MEDIUM POC This Month

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bert Vits2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-29073 MEDIUM POC PATCH THREAT This Month

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anki
NVD
CVSS 3.1
6.5
EPSS
11.5%
CVE-2024-24507 MEDIUM POC This Month

Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Act On
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6271 MEDIUM POC This Month

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Community Events
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6969 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6968 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6967 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6243 MEDIUM POC This Month

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Html Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5529 MEDIUM POC This Month

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Quicklatex
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5004 MEDIUM POC This Month

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cm Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-32152 MEDIUM POC PATCH THREAT This Month

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Anki
NVD
CVSS 3.1
4.3
EPSS
12.1%
CVE-2024-37114 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites my-favorites allows DOM-Based XSS.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41130 MEDIUM PATCH This Month

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Llama Cpp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41828 MEDIUM This Month

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41824 MEDIUM This Month

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6542 MEDIUM This Month

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34457 MEDIUM This Month

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Streampark
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-38730 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.1.41. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Magical Addons For Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-38728 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.DOCX Source: from n/a through 2.16.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Seraphinite Post Docx Source
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-38723 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.5.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Json Content Importer
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-37211 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aliexpress Dropshipping With Alinext
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37206 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Demo Awesome
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37199 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.6.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enfold
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37117 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uncanny Automator
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37097 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shortcodes
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35656 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.21.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elementor Pro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37416 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Photo Album Plus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37267 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in kaptinlin Striking allows Reflected XSS.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Striking
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37264 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Groundhogg
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37262 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Online Booking Scheduling Calendar
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37258 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Rocket
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37257 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.4.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Permalink Manager Lite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37245 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS All In One Redirection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37432 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS.5.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Esteem
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-37271 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog.27.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37422 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner.9.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37239 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling.4.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37434 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration.31. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37429 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Alinia Login with phone number login-with-phone-number.7.35. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37229 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor - Blog Layouts for Elementor allows Stored XSS.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blogmentor
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37409 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder powerpack-addon-for-beaver-builder.3.0.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-6638 MEDIUM This Month

An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Labview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6122 MEDIUM This Month

An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Systemlink Flexlogger
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41825 MEDIUM This Month

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38503 MEDIUM PATCH This Month

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Syncope
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-37244 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.4.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ninja Beaver Add Ons For Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37223 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Restaurant Food
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy