Skip to main content
CVE-2024-34343 MEDIUM POC PATCH This Month

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nuxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41381 MEDIUM POC This Month

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41380 MEDIUM POC This Month

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5081 MEDIUM POC This Month

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wp Emember
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-41816 MEDIUM POC PATCH This Month

Cooked is a recipe plugin for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Cooked
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3636 MEDIUM POC This Month

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pinpoint Booking System
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7494 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7470 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7469 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7468 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7467 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
23.4%
CVE-2024-7464 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.9%
CVE-2024-7466 MEDIUM POC This Month

A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pmweb
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-6498 MEDIUM POC This Month

The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Collect Chat
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6270 MEDIUM POC This Month

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Community Events
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7461 MEDIUM This Month

A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Administracao Pabx
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-23350 MEDIUM This Month

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wcd9395 Firmware +21
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-41959 MEDIUM PATCH This Month

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Mailcow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41820 MEDIUM PATCH This Month

Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-41200 MEDIUM This Month

A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kmplayer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23357 MEDIUM This Month

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware Qcs6125 Firmware +233
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-6710 MEDIUM This Month

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41960 MEDIUM PATCH This Month

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Mailcow
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy