Skip to main content
CVE-2024-7275 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-7274 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-1286 MEDIUM POC This Month

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Paid Memberships Pro
NVD WPScan
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-41915 HIGH This Week

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3986 MEDIUM POC This Month

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sportspress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-41305 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-5808 MEDIUM POC This Month

The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Ajax Contact Form
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-41802 HIGH PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-42159 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42136 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Debian Buffer Overflow Linux Integer Overflow Debian Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42160 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(),. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42148 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Broadcom Buffer Overflow HP Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42147 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/debugfs - Fix debugfs uninit process issue During the zip probe process, the debugfs failure does not stop the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42121 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msg_id before read or write [WHAT] msg_id is used as an array index and it cannot be a negative value,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42120 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42119 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42118 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY] resource_stream_to_stream_idx returns an array index and it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42117 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42112 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42105 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42104 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-5249 HIGH This Week

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Akana Api
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-37299 HIGH PATCH This Week

Discourse is an open source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41696 HIGH This Week

Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41695 HIGH This Week

Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38431 HIGH This Week

Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tafnit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38429 HIGH This Week

Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Tafnit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42225 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7127 HIGH This Week

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Marketing Tool
NVD
CVSS 4.0
7.2
EPSS
0.4%
CVE-2024-41924 HIGH This Week

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-4188 HIGH This Week

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.7 through 23.4. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-42132 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-42228 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling. Rated high severity (CVSS 7.0). This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-42162 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of. Rated high severity (CVSS 7.0).

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-37281 MEDIUM PATCH This Month

An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7209 MEDIUM This Month

A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7208 MEDIUM This Month

A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypass security measures provided by DMARC (or SPF or DKIM) policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41944 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41804 MEDIUM PATCH This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40895 MEDIUM This Month

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-42161 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-42111 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG] Syzbot reports the following regression detected by. Rated medium severity (CVSS 6.3). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-7220 LOW POC Monitor

A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Log Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-7221 LOW POC Monitor

A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Log Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-39320 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37165 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41693 MEDIUM This Month

Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mashov
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41141 MEDIUM This Month

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38430 MEDIUM This Month

Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tafnit
NVD
CVSS 3.1
6.1
EPSS
0.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy