Skip to main content
CVE-2024-45299 MEDIUM POC PATCH This Month

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-45300 MEDIUM POC PATCH This Month

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Race Condition Alf
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-44837 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Drug
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8394 MEDIUM This Month

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21904 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Qnap Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7611 MEDIUM This Month

The Enter Addons - Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Enter Addons
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-45039 MEDIUM PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnark Crypto
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-32762 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qulog Center
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45400 MEDIUM PATCH This Month

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Open Link
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45405 MEDIUM PATCH This Month

`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Rated medium severity (CVSS 6.0). No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-45040 MEDIUM PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gnark Crypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-45751 MEDIUM This Month

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-27126 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Notes Station 3
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-27122 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Notes Station 3
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-21897 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Qts Quts Hero
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7599 MEDIUM PATCH This Month

The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Sermons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8317 MEDIUM PATCH This Month

The WP AdCenter - Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Adcenter
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32763 MEDIUM This Month

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-25584 MEDIUM This Month

Dovecot accepts dot LF DOT LF symbol as end of DATA command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-7415 MEDIUM PATCH This Month

The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Remember Me Controls
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40865 MEDIUM This Month

The issue was addressed by suspending Persona when the virtual keyboard is active. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visionos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27125 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Helpdesk
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-21906 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2024-21903 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2024-7622 MEDIUM PATCH This Month

The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Revision Manager Tmc
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-8427 MEDIUM PATCH This Month

The Frontend Post Submission Manager Lite - Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Frontend Post Submission Manager
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-44082 MEDIUM This Month

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy