Skip to main content
CVE-2024-45508 CRITICAL POC PATCH Act Now

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Htmldoc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8368 MEDIUM POC This Month

A vulnerability was found in code-projects Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-8370 MEDIUM POC This Month

A vulnerability classified as problematic was found in Grocy up to 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Grocy
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-45509 MEDIUM PATCH This Month

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8367 MEDIUM This Month

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java Microsoft
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-5053 MEDIUM This Month

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Contact Form
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy