Skip to main content
CVE-2024-7743 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7742 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7741 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7740 MEDIUM POC This Month

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7739 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Pdf
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-7709 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1.php of the component URL Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-42740 MEDIUM POC This Month

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.8%
CVE-2024-38213 MEDIUM POC KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.5
EPSS
13.4%
CVE-2024-41613 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7751 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7750 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7749 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7748 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7733 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fastcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7738 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Markdown Pdf
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-41614 MEDIUM POC This Month

symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6724 MEDIUM POC This Month

The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Magic Post Thumbnail
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7567 MEDIUM This Month

A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-41683 MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Location Intelligence
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-41682 MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Location Intelligence
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-38223 MEDIUM PATCH This Month

Windows Initial Machine Configuration Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-38161 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +7
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-41711 MEDIUM This Month

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-38173 MEDIUM PATCH This Month

Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7).

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-42368 MEDIUM PATCH This Month

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-38214 MEDIUM PATCH This Month

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2024-38197 MEDIUM PATCH This Month

Microsoft Teams for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft Teams
NVD
CVSS 3.1
6.5
EPSS
16.1%
CVE-2024-38165 MEDIUM PATCH This Month

Windows Compressed Folder Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-43165 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.3.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-39642 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.2.6.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38752 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42376 MEDIUM This Month

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Shared Service Framework
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2259 MEDIUM This Month

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
6.4
EPSS
0.5%
CVE-2024-41906 MEDIUM This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sinec Traffic Analyzer
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-33005 MEDIUM This Month

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Abap Netweaver Java Content Server +1
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-38501 MEDIUM This Month

An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icdm Rx Tcp Socketserver Firmware Profinet Firmware Profinet Modbus Firmware Modbus Router Firmware +4
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41681 MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Location Intelligence
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2024-3913 MEDIUM This Month

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Information Disclosure Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-21981 MEDIUM This Month

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys,. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass RCE Amd
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-38155 MEDIUM PATCH This Month

Security Center Broker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-38151 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-38122 MEDIUM PATCH This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-38118 MEDIUM PATCH This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-36505 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6079 MEDIUM This Month

A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. Rated medium severity (CVSS 5.4). No vendor patch available.

RCE Rockwell
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-7247 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-7092 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Essential Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-42373 MEDIUM This Month

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Student Life Cycle Management
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41735 MEDIUM This Month

SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Commerce Backoffice
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41732 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy