Skip to main content
CVE-2024-7328 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7.php?action=phpinfo. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Youdiancms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7321 MEDIUM POC This Month

A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7320 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7311 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bus Reservation Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Bus Reservation Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7286 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical.php?action=login of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7279 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6977 MEDIUM POC This Month

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cato Client
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6412 MEDIUM POC This Month

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Html Forms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6272 MEDIUM POC This Month

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spidercontacts
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41108 MEDIUM POC This Month

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-41955 MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apple Open Redirect Google Microsoft Mobile Security Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-41947 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-6408 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7329 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Youdiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7327 MEDIUM POC This Month

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xinhu
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7310 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7309 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7308 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7307 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7306 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7303 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7300 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7299 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7290 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7289 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7288 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7287 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7285 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7284 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7283 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7282 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7281 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7280 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7278 MEDIUM POC This Month

A vulnerability was found in itsourcecode Alton Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-7277 MEDIUM POC This Month

A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-6165 MEDIUM POC This Month

The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wanotifier
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-37900 MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.6
EPSS
15.8%
CVE-2024-31201 MEDIUM This Month

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Thermoscan Ip
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-7135 MEDIUM PATCH This Month

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Path Traversal Tainacan
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2024-39947 MEDIUM This Month

A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-41953 MEDIUM PATCH This Month

Zitadel is an open source identity management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zitadel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-31199 MEDIUM This Month

A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sensor Net Connect Firmware V2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41256 MEDIUM This Month

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-31203 MEDIUM This Month

A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Thermoscan Ip
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39379 MEDIUM PATCH This Month

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39318 MEDIUM PATCH This Month

The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Microsoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6208 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Download Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6725 MEDIUM This Month

The Formidable Forms - Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Formidable Forms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41258 MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41254 MEDIUM This Month

An issue was discovered in litestream v0.3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Litestream
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy