Skip to main content
CVE-2024-45596 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34831 MEDIUM POC This Month

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-44872 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Mozilocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38217 MEDIUM POC KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.4
EPSS
9.8%
CVE-2024-45591 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-45407 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Sunshine
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-44676 MEDIUM POC This Month

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eladmin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-7955 MEDIUM POC This Month

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Starbox
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7891 MEDIUM POC This Month

The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Floating Contact Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-44815 MEDIUM POC This Month

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Skyworth Cm5100 511 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2024-8655 MEDIUM This Month

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-40754 MEDIUM This Month

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Samsung
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-37993 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware +24
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-43781 MEDIUM This Month

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6),. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-8441 MEDIUM This Month

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Endpoint Manager
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2024-39580 MEDIUM This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-43487 MEDIUM PATCH This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +5
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-43482 MEDIUM PATCH This Month

Microsoft Outlook for iOS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apple Information Disclosure Microsoft Outlook
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-38235 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 1507 +12
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-38234 MEDIUM PATCH This Month

Windows Networking Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-31490 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortisandbox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6509 MEDIUM This Month

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6173 MEDIUM This Month

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45504 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45286 MEDIUM This Month

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SAP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38270 MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45393 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-38254 MEDIUM PATCH This Month

Windows Authentication Information Disclosure Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2024-45592 MEDIUM PATCH This Month

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Auditor Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7784 MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45279 MEDIUM This Month

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42378 MEDIUM This Month

Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21753 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Fortinet Forticlient Endpoint Management Server
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2024-37991 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-42424 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Rack Firmware 7920 Xl Rack Firmware
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-45283 MEDIUM This Month

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-25074 MEDIUM This Month

An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Denial Of Service Exynos 9820 Firmware Exynos 9825 Firmware Exynos 980 Firmware +13
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-25073 MEDIUM This Month

An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Exynos 1080 Firmware Exynos 1280 Firmware +14
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-37992 MEDIUM This Month

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simatic Rf360R Firmware Simatic Rf1170R Firmware Simatic Rf1140R Firmware Simatic Reader Rf685R Fcc Firmware +23
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-21528 MEDIUM This Month

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-45281 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-7698 MEDIUM This Month

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-44072 MEDIUM This Month

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-38256 MEDIUM PATCH This Month

Windows Kernel-Mode Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +6
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-8645 MEDIUM This Month

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42425 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Firmware 7920 Xl Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43476 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-6282 MEDIUM PATCH This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Master Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8543 MEDIUM This Month

The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Slider Comparison Image Before And After
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8241 MEDIUM PATCH This Month

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Nova Blocks
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy