Skip to main content
CVE-2024-8711 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-42483 MEDIUM POC PATCH This Month

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Code Injection Esp Now
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7862 MEDIUM POC This Month

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Blogintroduction Wordpress Plugin
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7859 MEDIUM POC This Month

The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Sound
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7820 MEDIUM POC This Month

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ilc Thickbox
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7817 MEDIUM POC This Month

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Misiek Photo Album
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34335 MEDIUM POC This Month

ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ordat Erp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8056 MEDIUM POC This Month

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mm Breaking News
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8054 MEDIUM POC This Month

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Mm Breaking News
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7861 MEDIUM POC This Month

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Misiek Paypal
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7860 MEDIUM POC This Month

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Simple Headline Rotator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7822 MEDIUM POC This Month

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Quick Code
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7818 MEDIUM POC This Month

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Misiek Photo Album
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7816 MEDIUM POC This Month

The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Gixaw Chat
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6019 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6018 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6017 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45856 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mindsdb
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34336 MEDIUM POC This Month

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ordat Erp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8710 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Inventory Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8709 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8706 MEDIUM POC This Month

A vulnerability was found in JFinalCMS up to 20240903. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-45383 MEDIUM POC This Month

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft High Definition Audio Bus Driver
NVD
CVSS 3.1
5.0
EPSS
1.5%
CVE-2024-6887 MEDIUM POC This Month

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rafflepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5799 MEDIUM POC This Month

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cm Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3163 MEDIUM POC This Month

The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Easy Property Listings
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6658 MEDIUM This Month

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-6840 MEDIUM This Month

An improper authorization flaw exists in the Ansible Automation Controller. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Privilege Escalation Kubernetes
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2024-8311 MEDIUM This Month

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8635 MEDIUM This Month

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5435 MEDIUM This Month

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42484 MEDIUM This Month

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38222 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-45303 MEDIUM PATCH This Month

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Calendar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4612 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8750 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8622 MEDIUM PATCH This Month

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Amcharts
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4472 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-45182 MEDIUM This Month

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Wibukey
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41629 MEDIUM This Month

An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusion Digital Power Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-45607 MEDIUM PATCH This Month

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Whatsapp Api Js
NVD GitHub
CVSS 3.1
5.3
EPSS
14.1%
CVE-2024-8708 MEDIUM This Month

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Best House Rental Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-8707 MEDIUM This Month

A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6702 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Infinity
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6701 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Infinity
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6700 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Infinity
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-25270 MEDIUM This Month

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-6389 MEDIUM This Month

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy