Skip to main content
CVE-2024-6922 MEDIUM POC THREAT This Month

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
6.9
EPSS
30.2%
CVE-2024-41355 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6490 MEDIUM POC This Month

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Master Slider
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-41373 MEDIUM POC This Month

ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Icecoder
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-41375 MEDIUM POC This Month

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41374 MEDIUM POC This Month

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7120 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD VulDB
CVSS 4.0
5.3
EPSS
93.4%
CVE-2024-7119 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7118 MEDIUM POC This Month

A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7117 MEDIUM POC This Month

A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7116 MEDIUM POC This Month

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7115 MEDIUM POC This Month

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7114 MEDIUM POC This Month

A vulnerability was found in Tianchoy Blog up to 1.8.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-41356 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-41685 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-41684 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-41805 MEDIUM This Month

Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37034 MEDIUM This Month

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-42007 MEDIUM This Month

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-27357 MEDIUM This Month

An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-25090 MEDIUM This Month

Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Roller
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-7128 MEDIUM This Month

A flaw was found in the OpenShift console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41689 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
5.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy