Skip to main content
CVE-2024-8605 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Inventory Management
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-7688 MEDIUM POC This Month

The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Azindex
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-42759 MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-44085 MEDIUM POC This Month

ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onlyoffice
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-8611 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-8610 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-45406 MEDIUM POC PATCH This Month

Craft is a content management system (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7918 MEDIUM POC This Month

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pocket Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6910 MEDIUM POC This Month

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventon
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-5561 MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8373 MEDIUM POC This Month

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Angularjs Active Iq Unified Manager
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-8372 MEDIUM POC This Month

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Angularjs Active Iq Unified Manager
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-7689 MEDIUM POC This Month

The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Snapshot Backup
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7687 MEDIUM POC This Month

The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Azindex
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-8604 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Online Food Ordering System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-8585 MEDIUM This Month

Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-6572 MEDIUM This Month

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-7260 MEDIUM PATCH This Month

An open redirect vulnerability was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Build Of Keycloak Keycloak
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24510 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-45625 MEDIUM PATCH This Month

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Forminator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8586 MEDIUM This Month

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webitr
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27365 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27368 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27367 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27366 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27364 MEDIUM This Month

An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7318 MEDIUM PATCH This Month

A vulnerability was found in Keycloak. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Build Of Keycloak
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-45203 MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Cosme
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy