Skip to main content
CVE-2024-46938 HIGH POC THREAT This Week

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Experience Commerce Experience Manager Experience Platform
NVD
CVSS 3.1
7.5
EPSS
46.1%
CVE-2024-8868 MEDIUM POC This Month

A vulnerability was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-8866 MEDIUM POC This Month

A vulnerability was found in AutoCMS 5.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Autocms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8876 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tpmecms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-8875 MEDIUM POC This Month

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Wcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-8867 MEDIUM POC This Month

A vulnerability was found in Perfex CRM 3.1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Perfex Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8865 MEDIUM POC This Month

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Composio
NVD VulDB
CVSS 4.0
5.1
EPSS
0.9%
CVE-2024-8864 MEDIUM POC This Month

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Composio
NVD VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-46943 HIGH This Week

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Authorization And Accounting
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45459 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.13.50. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-45458 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Reflected XSS.9.13. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-44059 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45457 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Stored XSS.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-45456 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.5.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46942 MEDIUM This Month

In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Model Driven Service Abstraction Layer
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-44053 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opor Ayam
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44060 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Filmix
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45460 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manu225 Flipping Cards flipping-cards allows Stored XSS.30. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-45455 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.5.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-44058 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Parabola
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44057 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nirvana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44056 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mantra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44054 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fluida
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-44063 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.26.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Happyforms
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-44062 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Field Template
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46918 MEDIUM PATCH This Month

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-8869 LOW Monitor

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection A720R Firmware
NVD VulDB
CVSS 4.0
2.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy