Skip to main content
CVE-2024-8301 MEDIUM POC This Month

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dingfanzu
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-41349 MEDIUM POC This Month

unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Unmark
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41371 MEDIUM POC This Month

Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Organizr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41358 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-41351 MEDIUM POC This Month

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bjyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41350 MEDIUM POC This Month

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bjyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41348 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41347 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8250 MEDIUM POC This Month

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-41346 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41345 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44919 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5417 MEDIUM POC This Month

The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutentor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8302 MEDIUM POC This Month

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dingfanzu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-8296 MEDIUM POC This Month

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical.php?r=user%2Fcreate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Feehicms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-8295 MEDIUM POC This Month

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Feehicms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-8294 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Feehicms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-45440 MEDIUM POC PATCH This Month

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Drupal
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
9.3%
CVE-2024-8304 MEDIUM POC This Month

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jpress
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-7132 MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coblocks
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6927 MEDIUM POC This Month

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Viral Signup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-4428 MEDIUM This Month

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.05.2024. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Managment Portal
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-8297 MEDIUM PATCH This Month

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Digital Library Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-7857 MEDIUM PATCH This Month

The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Media Library Folders
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-43953 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Classic Addons - WPBakery Page Builder classic-addons-wpbakery-page-builder-addons. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WPBakery Page Builder
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-44930 MEDIUM PATCH This Month

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serilog Enrichers Clientinfo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43940 MEDIUM This Month

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.4.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zynith
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-43939 MEDIUM This Month

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.4.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zynith
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38304 MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Emc Xc Core Xcxr2 Firmware Emc Xc Core Xc940 System Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1384 MEDIUM This Month

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Auxinportfolio
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-43954 MEDIUM This Month

Missing Authorization vulnerability in Themeum Droip droip allows Exploiting Incorrectly Configured Access Control Security Levels.5.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-44776 MEDIUM This Month

An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Vtiger Crm
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43921 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.2.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Magic Post Thumbnail
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44717 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dedebiz
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44716 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dedebiz
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43963 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.6.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yellowpencil
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43958 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intothedark
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43950 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.4.2.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bricksore
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43948 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Armour
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43926 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.8.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Beaver Builder
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45045 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google Microsoft Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41918 MEDIUM This Month

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google Ichiba
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38303 MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Emc Xc Core Xcxr2 Firmware Emc Xc Core Xc940 System Firmware +29
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-45056 MEDIUM PATCH This Month

zksolc is a Solidity compiler for ZKsync. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zksolc
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-3679 MEDIUM This Month

The Premium SEO Pack - WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Seo Plugin
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-2541 MEDIUM This Month

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Popup Builder
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-1543 MEDIUM This Month

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Wolfssl
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34018 MEDIUM This Month

Sensitive information disclosure due to insecure folder permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Microsoft Snap Deploy
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43920 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.9.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gutenverse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43964 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dsgvo All In One For Wp
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy