Skip to main content
CVE-2024-33895 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ewon Cosy Firmware
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-33893 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ewon Cosy Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-5595 MEDIUM POC This Month

The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Essential Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-42349 MEDIUM POC This Month

FOG is a cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-42460 MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-42459 MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7378 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7377 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7376 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7375 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7374 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7373 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7372 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-38878 MEDIUM This Month

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Omnivise T3000 Application Server
NVD
CVSS 4.0
6.9
EPSS
11.5%
CVE-2024-38888 MEDIUM This Month

An issue in Horizon Business Services Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-7323 MEDIUM This Month

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easyflow Net
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-40719 MEDIUM This Month

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4643 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7204 MEDIUM This Month

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qbibot
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6704 MEDIUM PATCH This Month

The Comments - wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpdiscuz
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-39396 MEDIUM This Month

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6567 MEDIUM This Month

The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Ebook Store
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-41519 MEDIUM This Month

Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Feripro
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3827 MEDIUM This Month

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Spectra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41517 MEDIUM This Month

An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Feripro
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-7319 MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-27182 MEDIUM PATCH This Month

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Apache Linkis
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-40723 MEDIUM This Month

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Microsoft Hwatai Servisign
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-40722 MEDIUM This Month

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Microsoft Tcb Servisign
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-22278 MEDIUM PATCH This Month

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy