Skip to main content
CVE-2024-7106 MEDIUM POC This Month

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-41808 MEDIUM POC This Month

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openobserve
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-40324 MEDIUM POC This Month

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection E Staff
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-7101 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-29068 MEDIUM PATCH This Month

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Snapd
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-6972 MEDIUM This Month

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6558 MEDIUM This Month

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Anybus Compactcom 30 Module Ethernet Ip Firmware Anybus Compactcom 30 Module Usb Without Housing Firmware
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-36111 MEDIUM This Month

KubePi is a K8s panel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
6.3
EPSS
8.4%
CVE-2024-3938 MEDIUM This Month

The "reset password" login page accepted an HTML injection via URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41809 MEDIUM PATCH This Month

OpenObserve is an open-source observability platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openobserve
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41801 MEDIUM PATCH This Month

OpenProject is open source project management software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Openproject
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38103 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-39674 MEDIUM This Month

Plaintext vulnerability in the Gallery search module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39671 MEDIUM This Month

Access control vulnerability in the security verification module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39670 MEDIUM This Month

Privilege escalation vulnerability in the account synchronisation module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-28772 MEDIUM This Month

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Directory Integrator Security Directory Server Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41707 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41706 MEDIUM This Month

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41705 MEDIUM This Month

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7047 MEDIUM This Month

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7105 MEDIUM This Month

A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Administracao Pabx
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-41806 MEDIUM This Month

The Open edX Platform is a learning management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Juniper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7057 MEDIUM This Month

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy