Skip to main content
CVE-2024-8219 MEDIUM POC This Month

A vulnerability was found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive Hotel Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8218 MEDIUM POC This Month

A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Quiz Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8217 MEDIUM POC This Month

A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-43788 MEDIUM POC PATCH This Month

Webpack is a module bundler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webpack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-8223 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8222 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8221 MEDIUM POC This Month

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8220 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8214 MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.2%
CVE-2024-8213 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.2%
CVE-2024-8212 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-8211 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.4%
CVE-2024-8210 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-8207 MEDIUM This Month

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-40395 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Thingworx
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-45037 MEDIUM PATCH This Month

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Aws Cloud Development Kit
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8046 MEDIUM This Month

The Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5288 MEDIUM This Month

An issue was discovered in wolfSSL before 5.7.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-7608 MEDIUM This Month

An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-41175 MEDIUM This Month

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ipc Diagnostics Package Twincat Bsd
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7791 MEDIUM PATCH This Month

The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Xpro Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7304 MEDIUM PATCH This Month

The Ninja Tables - Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ninja Tables
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6804 MEDIUM PATCH This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Jeg Elementor Kit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8216 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Life Insurance Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8209 MEDIUM This Month

A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Life Insurance Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-8208 MEDIUM This Month

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Life Insurance Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-5814 MEDIUM This Month

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wolfssl
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-1544 MEDIUM This Month

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-8200 MEDIUM PATCH This Month

The Reviews Feed - Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Google Reviews Feed
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-8199 MEDIUM PATCH This Month

The Reviews Feed - Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Google Reviews Feed
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7941 MEDIUM This Month

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microscada X Sys600
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6688 MEDIUM This Month

The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy