Skip to main content
CVE-2024-45258 CRITICAL PATCH Act Now

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8154 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Bookmark System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8153 MEDIUM POC This Month

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Bookmark System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8152 MEDIUM POC This Month

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Bookmark System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8151 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Interactive Map With Marker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8147 MEDIUM POC This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical.php?action=editPharmacist. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8146 MEDIUM POC This Month

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8144 MEDIUM POC This Month

A vulnerability classified as problematic was found in ClassCMS 4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Classcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8142 MEDIUM POC This Month

A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Calories Monitoring Tool
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8141 MEDIUM POC This Month

A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Calories Monitoring Tool
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8140 MEDIUM POC This Month

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Progress Tracker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8139 MEDIUM POC This Month

A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Website
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8138 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8155 MEDIUM POC This Month

A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Admin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-8150 MEDIUM POC This Month

A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Continew Admin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-8145 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Classcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-8158 HIGH PATCH This Week

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Lib9P
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-42337 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45244 MEDIUM PATCH This Month

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fabric
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-42340 MEDIUM This Month

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42339 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42338 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8011 LOW Monitor

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Options
NVD
CVSS 4.0
2.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy