Skip to main content
CVE-2024-7947 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7946 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-42598 MEDIUM POC This Month

SeaCMS 13.0 has a remote code execution vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2024-41658 MEDIUM POC This Month

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Casdoor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42560 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank And Donation Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43396 MEDIUM POC PATCH This Month

Khoj is an application that creates personal AI agents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Khoj
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-39094 MEDIUM POC This Month

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Friendica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7949 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7948 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7945 MEDIUM POC This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laravel Property Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7943 MEDIUM POC This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laravel Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7942 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Leads Manager Tool
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7937 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7936 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8003 MEDIUM POC PATCH This Month

A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Gotribe Admin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-8005 MEDIUM PATCH This Month

A vulnerability was found in demozx gf_cms 1.0/1.0.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Gf Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-41773 MEDIUM This Month

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Global Configuration Management
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43409 MEDIUM PATCH This Month

Ghost is a Node.js content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Node.js Ghost
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-25009 MEDIUM This Month

Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ericsson Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7782 MEDIUM PATCH This Month

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal PHP WordPress Contact Form Builder
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-43408 MEDIUM This Month

Discourse Placeholder Forms will let you build dynamic documentation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-40743 MEDIUM This Month

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27186 MEDIUM This Month

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-27184 MEDIUM This Month

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6379 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6377 MEDIUM This Month

An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect 3Dexperience
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41697 MEDIUM This Month

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Priority
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7850 MEDIUM This Month

The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6337 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.9
EPSS
0.7%
CVE-2024-43861 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6322 MEDIUM PATCH This Month

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6378 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42335 MEDIUM This Month

7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bot
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7054 MEDIUM PATCH This Month

The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popup Maker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5576 MEDIUM PATCH This Month

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tutor Lms Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6864 MEDIUM PATCH This Month

The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Last Modified Info
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6575 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Plus Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5763 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Plus Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5941 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7711 MEDIUM This Month

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-43376 MEDIUM PATCH This Month

Umbraco is an ASP.NET CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-42369 MEDIUM PATCH This Month

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7944 MEDIUM This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Laravel Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5940 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-5939 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-28829 MEDIUM This Month

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2024-7775 MEDIUM PATCH This Month

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form Builder
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43397 MEDIUM PATCH This Month

Apollo is a configuration management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apollo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-43377 MEDIUM PATCH This Month

Umbraco CMS is an ASP.NET CMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38808 MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework Active Iq Unified Manager Oncommand Insight
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy