Skip to main content
CVE-2024-7843 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-7842 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-7839 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7838 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Food Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7813 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prison Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7809 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7808 MEDIUM POC This Month

A vulnerability was found in code-projects Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.2%
CVE-2024-7799 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7798 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7797 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-31800 MEDIUM POC This Month

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gncc C2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-31798 MEDIUM POC This Month

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gncc C2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-32231 MEDIUM POC PATCH This Month

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi Stash
NVD GitHub
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-27731 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Information Disclosure Friendica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27729 MEDIUM POC This Month

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Friendica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27728 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Friendica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42678 MEDIUM POC This Month

Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Super Easy Enterprise Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42680 MEDIUM POC This Month

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Super Easy Enterprise Management System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-42677 MEDIUM POC This Month

An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Resource Management System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-6533 MEDIUM POC This Month

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Directus
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7844 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7841 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7812 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7811 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Daily Expenses Monitoring App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7810 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7800 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7815 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Railway Reservation System
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.1
EPSS
1.1%
CVE-2024-7814 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Railway Reservation System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-31799 MEDIUM POC This Month

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gncc C2 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-42488 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Race Condition Cilium
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-42476 MEDIUM This Month

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-42475 MEDIUM This Month

In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22217 MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Terminalfour
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40705 MEDIUM This Month

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22219 MEDIUM This Month

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-31905 MEDIUM This Month

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Qradar Network Packet Capture
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-7420 MEDIUM PATCH This Month

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Insert Php Code Snippet
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2024-7625 MEDIUM PATCH This Month

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure Nomad
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2024-34742 MEDIUM PATCH This Month

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-25024 MEDIUM This Month

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-25633 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7064 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementskit
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-6347 MEDIUM This Month

* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blind Spot Detection Sensor Ecu Firmware
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-7833 MEDIUM This Month

A vulnerability was found in D-Link DI-8100 16.07. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.7%
CVE-2024-7411 MEDIUM This Month

The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40704 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-42487 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-7063 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Elementskit
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-6534 MEDIUM PATCH This Month

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Directus
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy