Skip to main content
CVE-2024-7277 MEDIUM POC This Month

A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-40465 HIGH PATCH This Week

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-40464 HIGH PATCH This Week

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37901 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6165 MEDIUM POC This Month

The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wanotifier
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-37900 MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.6
EPSS
15.8%
CVE-2024-7325 HIGH This Week

A vulnerability was found in IObit Driver Booster 11.0.0.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Driver Booster
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-7324 HIGH This Week

A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-3083 HIGH This Week

A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sensor Net Connect Firmware V2
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2024-42381 HIGH This Week

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-31202 HIGH This Week

A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Thermoscan Ip
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37142 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37129 HIGH This Week

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Dell Inventory Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37127 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32857 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41255 HIGH This Week

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23444 HIGH PATCH This Week

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-41950 HIGH PATCH This Week

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Ssti Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-39949 HIGH This Week

A vulnerability has been found in Dahua products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39948 HIGH This Week

A vulnerability has been found in Dahua products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware +54
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39944 HIGH This Week

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +55
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41262 HIGH This Week

mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Immudb
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-6770 HIGH This Week

The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-39946 HIGH This Week

A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-41253 HIGH This Week

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-31201 MEDIUM This Month

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Thermoscan Ip
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-7135 MEDIUM PATCH This Month

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Path Traversal Tainacan
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2024-39947 MEDIUM This Month

A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-41953 MEDIUM PATCH This Month

Zitadel is an open source identity management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zitadel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-31199 MEDIUM This Month

A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sensor Net Connect Firmware V2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41256 MEDIUM This Month

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-31203 MEDIUM This Month

A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Thermoscan Ip
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39379 MEDIUM PATCH This Month

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39318 MEDIUM PATCH This Month

The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Microsoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6208 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Download Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6725 MEDIUM This Month

The Formidable Forms - Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Formidable Forms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41258 MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41254 MEDIUM This Month

An issue was discovered in litestream v0.3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Litestream
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41952 MEDIUM PATCH This Month

Zitadel is an open source identity management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-2508 MEDIUM This Month

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39945 MEDIUM This Month

A vulnerability has been found in Dahua products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-39694 MEDIUM PATCH This Month

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-3082 MEDIUM This Month

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sensor Net Connect Firmware V2
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-31200 MEDIUM This Month

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sensor Net Connect Firmware V2
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-41951 MEDIUM PATCH This Month

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-37135 MEDIUM This Month

DM5500 5.16.0.0, contains an information disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dm5500 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-37898 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4187 LOW Monitor

Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 4.0
2.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy