Skip to main content
CVE-2024-42849 MEDIUM POC This Month

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Silverpeas
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-43381 MEDIUM POC PATCH This Month

reNgine is an automated reconnaissance framework for web applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rengine
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7853 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7852 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7851 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7845 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-25008 MEDIUM This Month

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Ericsson RCE
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-6004 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5210 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5209 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4782 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4781 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7147 MEDIUM This Month

The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7136 MEDIUM This Month

The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-43809 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7301 MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS File Upload Wordpress File Upload
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6098 MEDIUM This Month

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-7630 MEDIUM PATCH This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 (Free) and 2.25.1 (Premium) via the relevanssi_do_query() due. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Relevanssi
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-43006 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-42758 MEDIUM This Month

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-25837 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43810 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43808 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43807 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7144 MEDIUM This Month

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetelements
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43011 MEDIUM This Month

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-43009 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-43005 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS Zzcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-3399 MEDIUM This Month

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-7422 MEDIUM This Month

The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7501 MEDIUM This Month

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy