Skip to main content
CVE-2024-7369 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical.php?action=login of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7367 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-7366 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7360 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-7339 MEDIUM POC THREAT This Month

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Sh 4050A5 5L Mm Firmware Avision Av108T Firmware Td 2104ts Cl Firmware +1
NVD VulDB
CVSS 4.0
6.9
EPSS
32.0%
CVE-2024-6496 MEDIUM POC This Month

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Light Poll
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2843 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1747 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7371 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7370 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7368 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7365 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7364 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7363 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7362 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7361 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7359 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7357 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.7%
CVE-2024-7343 MEDIUM POC This Month

A vulnerability was found in Baidu UEditor 1.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ueditor
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7342 MEDIUM POC This Month

A vulnerability was found in Baidu UEditor 1.4.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ueditor
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7330 MEDIUM POC This Month

A vulnerability has been found in YouDianCMS 7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Youdiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4090 MEDIUM POC This Month

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-2872 MEDIUM POC This Month

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Swift Framework
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-39607 MEDIUM This Month

OS command injection vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-34021 MEDIUM This Month

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection File Upload
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-39649 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite.9.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-39655 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll - Advanced Polls for Creators and Brands.3.77. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-39665 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-39661 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38772 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39274 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6346 MEDIUM This Month

The Gutenberg Blocks, Page Builder - ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Comboblocks
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-41949 MEDIUM PATCH This Month

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Biscuit Auth
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-36492 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2090 MEDIUM This Month

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Remote Content Shortcode
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-41962 MEDIUM PATCH This Month

Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Bostr
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-39643 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.0.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39652 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Reflected XSS.9.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Pdf Vouchers
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7211 MEDIUM This Month

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-39626 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-39660 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.3.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-32931 MEDIUM This Month

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Exacqvision Web Service
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-39630 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.4.13. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39637 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in pixelcurve Edubin edubin.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-39644 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Black Widgets For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39668 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.0.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Extensions For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39667 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.6.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Element Pack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39662 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Black Widgets For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39659 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.91.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Postratings
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39837 MEDIUM PATCH This Month

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy