Skip to main content
CVE-2024-7933 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7929 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Forum Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-7927 MEDIUM POC This Month

A vulnerability classified as critical was found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7926 MEDIUM POC This Month

A vulnerability classified as critical has been found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7924 MEDIUM POC This Month

A vulnerability was found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2024-7919 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-35539 MEDIUM POC This Month

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Typecho
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-23729 MEDIUM POC This Month

The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Internet Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6843 MEDIUM POC This Month

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7935 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7934 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7931 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7930 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7928 MEDIUM POC THREAT This Month

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fastadmin
NVD VulDB
CVSS 4.0
5.3
EPSS
16.9%
CVE-2024-35538 MEDIUM POC This Month

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Typecho
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-7925 MEDIUM POC This Month

A vulnerability was found in ZZCMS 2023. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7922 MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.5%
CVE-2024-7921 MEDIUM POC This Month

A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7920 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4785 MEDIUM PATCH This Month

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43250 MEDIUM This Month

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.6.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bit Form
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43317 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).0.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43280 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.8.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Salon Booking System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-32928 MEDIUM This Month

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Nest Mini Firmware Libcurl
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-43326 MEDIUM This Month

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43400 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25582 MEDIUM This Month

Module savepoints could be abused to inject references to malicious code delivered through the same domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-43281 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-43272 MEDIUM This Month

Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.1.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6348 MEDIUM This Month

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blind Spot Protection Sensor Ecu Firmware
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-43236 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy