Skip to main content
CVE-2024-8112 MEDIUM POC This Month

A vulnerability was found in thinkgem JeeSite 5.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesite
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-45190 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45189 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45188 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-44387 MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42852 MEDIUM POC This Month

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-6715 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Ditty
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42918 MEDIUM POC This Month

itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Accreditation Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8089 MEDIUM POC This Month

A vulnerability was found in SourceCodester E-Commerce System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-40111 MEDIUM POC This Month

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Automad
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-3282 MEDIUM POC This Month

The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Table Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7986 MEDIUM This Month

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rockwell Thinmanager
NVD
CVSS 4.0
6.8
EPSS
0.6%
CVE-2024-42364 MEDIUM This Month

Homepage is a highly customizable homepage with Docker and service API integrations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Homepage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38207 MEDIUM PATCH This Month

Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Buffer Overflow Microsoft Memory Corruption Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-38807 MEDIUM PATCH This Month

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Java
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-37392 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smseagle
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43794 MEDIUM This Month

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-41150 MEDIUM This Month

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-41878 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41877 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41876 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41875 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41848 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41847 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41846 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41845 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41844 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41843 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41841 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-42766 MEDIUM This Month

Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38869 MEDIUM This Month

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.3.2416.04 and before 11.3.2400.25. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Microsoft Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-5502 MEDIUM PATCH This Month

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Piotnet Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7428 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.11, 2023.05, 23.4, 24.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-7427 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).11,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-41842 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-43105 MEDIUM PATCH This Month

Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once.

Denial Of Service Channel Export
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-43031 MEDIUM This Month

autMan v2.9.6 was discovered to contain an access control issue. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Autman
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43032 MEDIUM This Month

autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Autman
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-41849 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy