Skip to main content
CVE-2024-8343 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentiment Based Movie Rating System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-8340 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Electric Billing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-45047 MEDIUM POC PATCH This Month

svelte performance oriented web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svelte
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8348 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8347 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8346 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8345 MEDIUM POC This Month

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8344 MEDIUM POC This Month

A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8342 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8341 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-8339 MEDIUM POC This Month

A vulnerability was found in SourceCodester Electric Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Electric Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8337 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Contact Manager With Export To Vcf
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8336 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8335 MEDIUM POC This Month

A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8332 MEDIUM POC PATCH This Month

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Sweet Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8331 MEDIUM POC This Month

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5061 MEDIUM This Month

The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enfold
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7858 MEDIUM PATCH This Month

The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress PHP Media Library Folders
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-34577 MEDIUM This Month

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wrc X3000Gs2 B Firmware Wrc X3000Gs2 W Firmware Wrc X3000Gs2A B Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-44684 MEDIUM This Month

TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Tpmecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-44683 MEDIUM This Month

Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Seacms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-44682 MEDIUM This Month

ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shopxo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8274 MEDIUM PATCH This Month

The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-42412 MEDIUM This Month

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wab S1167 Ps Firmware Wab I1750 Ps Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-5024 MEDIUM This Month

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Memberpress
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8285 MEDIUM PATCH This Month

A flaw was found in Kroxylicious. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kroxylicious
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-44944 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-6585 MEDIUM This Month

Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-7122 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementor Addon Elements
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5879 MEDIUM PATCH This Month

The HubSpot - CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Hubspot
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3998 MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4401 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementor Addon Elements
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8328 MEDIUM This Month

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Test Online Learning And Testing Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8338 MEDIUM This Month

A vulnerability was found in HFO4 shudong-share 2.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Shudong Share
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8334 MEDIUM PATCH This Month

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sweet Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-21658 MEDIUM This Month

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-8319 MEDIUM PATCH This Month

The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Tourfic
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy