Skip to main content
CVE-2024-44920 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8380 MEDIUM POC This Month

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Contact Manager With Export To Vcf
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-42901 MEDIUM POC PATCH This Month

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Limesurvey
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-41434 MEDIUM POC This Month

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tidb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4259 MEDIUM This Month

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.0; AKOS (TahsilatService): before. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Akos
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-4629 MEDIUM PATCH This Month

A vulnerability was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Build Of Keycloak Single Sign On Openshift Container Platform +3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-42903 MEDIUM PATCH This Month

A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Limesurvey
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-42904 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Syspass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7654 MEDIUM This Month

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS Openedge
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8386 MEDIUM This Month

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Microsoft Firefox Firefox Esr
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42061 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Zld
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45389 MEDIUM PATCH This Month

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pagefind
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45180 MEDIUM This Month

SquaredUp DS for SCOM 6.2.1.11104 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup Ds For Scom
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43412 MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8388 MEDIUM This Month

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34463 MEDIUM This Month

BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.1
EPSS
0.7%
CVE-2024-43803 MEDIUM PATCH This Month

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-37136 MEDIUM This Month

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Path To Powerprotect
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-6343 MEDIUM This Month

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Zld
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-43413 MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7346 MEDIUM This Month

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Openedge
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8399 MEDIUM This Month

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Firefox Focus
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-45678 MEDIUM This Month

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Yubikey 5C Nfc Firmware Yubikey 5 Nfc Firmware Yubikey 5C Firmware Yubikey 5 Nano Firmware +14
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy