Skip to main content
CVE-2024-45308 MEDIUM POC PATCH This Month

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Hedgedoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-43792 MEDIUM POC This Month

Halo is an open source website building tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7692 MEDIUM POC This Month

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flaming Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7691 MEDIUM POC This Month

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flaming Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7354 MEDIUM POC This Month

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-45527 MEDIUM POC This Month

REDCap 14.7.0 allows HTML injection via the project title of a New Project action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45528 MEDIUM POC This Month

CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43797 MEDIUM POC This Month

audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Audiobookshelf
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-7690 MEDIUM POC This Month

The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Dn Popup
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33016 MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware Qcn9012 Firmware Qcn9013 Firmware +327
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-20087 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20086 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-8365 MEDIUM PATCH This Month

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45306 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44947 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-33043 MEDIUM PATCH This Month

Transient DOS while handling PS event when Program Service name length offset value is set to 255. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +193
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39612 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38382 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28044 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45621 MEDIUM This Month

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45313 MEDIUM PATCH This Month

Overleaf is a web-based collaborative LaTeX editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Overleaf
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43801 MEDIUM PATCH This Month

Jellyfin is an open source self hosted media server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS Information Disclosure Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28100 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elabftw
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8004 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7939 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7938 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7932 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45312 MEDIUM PATCH This Month

Overleaf is a web-based collaborative LaTeX editor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Overleaf
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-6920 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nacpremium
NVD VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-20088 MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20085 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20084 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-45270 MEDIUM This Month

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Carousel Slider
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45269 MEDIUM This Month

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Carousel Slider
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy