Skip to main content
CVE-2024-7080 MEDIUM POC This Month

A vulnerability was found in SourceCodester Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-7066 MEDIUM POC This Month

A vulnerability was found in F-logic DataCube3 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
3.4%
CVE-2024-7065 MEDIUM POC This Month

A vulnerability was found in Spina CMS up to 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-41666 MEDIUM POC PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-40767 MEDIUM POC This Month

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Nova
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-6753 MEDIUM POC This Month

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Social Auto Poster
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-7081 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.php?f=delete_department. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7068 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Insurance Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7067 MEDIUM POC PATCH This Month

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization PHP Ecommerce Laravel Bootstrap
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-5067 MEDIUM POC This Month

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-6094 MEDIUM POC This Month

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7060 MEDIUM This Month

An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7079 MEDIUM This Month

A flaw was found in the Openshift console. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openshift Container Platform
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-3297 MEDIUM This Month

An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Matter
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-5861 MEDIUM PATCH This Month

The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Easypay
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6751 MEDIUM This Month

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Social Auto Poster
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22444 MEDIUM This Month

A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-40137 MEDIUM PATCH This Month

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-40575 MEDIUM This Month

An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service Opengauss
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-5818 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Royal Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3896 MEDIUM PATCH This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Robo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6896 MEDIUM PATCH This Month

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Accelerated Mobile Pages
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6930 MEDIUM PATCH This Month

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6629 MEDIUM PATCH This Month

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS All In One Video Gallery
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3246 MEDIUM PATCH This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Litespeed Cache
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-6752 MEDIUM This Month

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Social Auto Poster
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6571 MEDIUM PATCH This Month

The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Optimize Images Alt Text Alt Tag Names For Seo Using Ai
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6553 MEDIUM PATCH This Month

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Wp Meteor
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6755 MEDIUM This Month

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Social Auto Poster
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7091 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-31971 MEDIUM This Month

Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netvanta 3120 Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-37533 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-21684 MEDIUM This Month

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Atlassian Bitbucket Data Center
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6836 MEDIUM PATCH This Month

The Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Funnel Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6754 MEDIUM This Month

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Social Auto Poster
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy