Skip to main content
CVE-2024-7196 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7188 MEDIUM POC This Month

A vulnerability was found in Bylancer Quicklancer 2.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Quicklancer
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
7.0%
CVE-2024-37859 MEDIUM POC This Month

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Lost And Found Information System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41810 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-6487 MEDIUM POC This Month

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inline Related Posts
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-5285 MEDIUM POC This Month

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Affiliate Platform
NVD WPScan
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6578 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aim
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41819 MEDIUM POC PATCH This Month

Note Mark is a web-based Markdown notes app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Note Mark
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-4483 MEDIUM POC This Month

The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Encoder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7200 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0.php?action=save_settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7199 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7198 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7197 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7195 MEDIUM POC This Month

A vulnerability was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7194 MEDIUM POC This Month

A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7192 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7191 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7190 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7189 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7181 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-7175 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-7193 MEDIUM POC This Month

A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp3Tag
NVD VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-40576 MEDIUM POC This Month

Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Best House Rental Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.8%
CVE-2024-5883 MEDIUM POC This Month

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Classified Listings
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-6362 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-32671 MEDIUM This Month

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Samsung Escargot
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-27878 MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow macOS
NVD VulDB
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-40789 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-40782 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Safari +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41624 MEDIUM This Month

Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-40785 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os Ipados Safari +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-40817 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27877 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-41640 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-27823 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-40777 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-40836 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40804 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40780 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27886 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27872 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40811 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40835 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-42079 MEDIUM PATCH This Month

This is a null pointer dereference vulnerability in the Linux kernel's GFS2 (Global File System 2) subsystem that occurs during the log flush operation when a race condition exists between glock work and filesystem unmount. An unprivileged local attacker can trigger this vulnerability to cause a kernel panic and denial of service by timing glock operations to race with unmount, exploiting the fact that sdp->sd_jdesc is dereferenced without null checks. The vulnerability has patches available from the Linux kernel development team across multiple stable branches, and while the EPSS score is very low (0.05%), the impact is a complete system availability disruption through kernel crash.

Linux Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40806 MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40833 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40823 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27809 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27871 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27887 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy