Skip to main content
CVE-2024-7505 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bike Delivery System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7498 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7246 MEDIUM POC This Month

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Grpc
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-41677 MEDIUM POC PATCH This Month

Qwik is a performance focused javascript framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Qwik
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41333 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Tourism Management System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-7082 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6651 MEDIUM POC THREAT This Month

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Upload Wordpress File Upload
NVD WPScan
CVSS 3.1
6.1
EPSS
14.1%
CVE-2024-7008 MEDIUM POC PATCH THREAT This Month

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Calibre
NVD GitHub
CVSS 3.1
6.1
EPSS
24.1%
CVE-2024-42358 MEDIUM POC PATCH This Month

PDFio is a simple C library for reading and writing PDF files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pdfio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-36424 MEDIUM POC This Month

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service K7 Ultimate Security
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2024-6766 MEDIUM POC This Month

The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39229 MEDIUM POC This Month

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-7552 MEDIUM POC This Month

A vulnerability was found in DataGear up to 5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Datagear
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7506 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7500 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7499 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7497 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7496 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7495 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laravel Accounting System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7551 MEDIUM POC This Month

A vulnerability was found in juzaweb CMS up to 3.4.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.9%
CVE-2024-7084 MEDIUM POC This Month

The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5963 MEDIUM This Month

Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).8.7-00. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-38206 MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD
CVSS 3.1
6.5
EPSS
12.3%
CVE-2024-42347 MEDIUM PATCH This Month

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Matrix React Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7564 MEDIUM This Month

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Unified Secops Platform
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2024-7531 MEDIUM This Month

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7529 MEDIUM This Month

The date picker could partially obscure security prompts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-7526 MEDIUM This Month

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-7518 MEDIUM This Month

Select options could obscure the fullscreen notification dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39817 MEDIUM This Month

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40101 MEDIUM PATCH This Month

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-38166 MEDIUM PATCH This Month

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics Crm Service Portal Web Resource
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-43113 MEDIUM This Month

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43112 MEDIUM This Month

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43111 MEDIUM This Month

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41910 MEDIUM This Month

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Poly Clariti Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7524 MEDIUM This Month

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-33994 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33993 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33992 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33991 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33990 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33989 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-33988 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33987 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33986 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33985 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33984 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33983 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33982 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy