Skip to main content
CVE-2024-8880 MEDIUM POC This Month

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Playsms
NVD VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-42796 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-42794 MEDIUM POC This Month

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-42795 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-8766 MEDIUM This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2024-34016 MEDIUM This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2024-45835 MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Google Mattermost Desktop
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38315 MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45833 MEDIUM This Month

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8780 MEDIUM This Month

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8778 MEDIUM This Month

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-8776 MEDIUM This Month

SmartRobot by INTUMIT contains a reflected cross-site scripting (XSS) vulnerability in an insufficiently validated page parameter that allows unauthenticated remote attackers to inject malicious JavaScript code. An attacker can craft a malicious URL and trick users into clicking it, enabling session hijacking, credential theft, or malware distribution. With a CVSS score of 6.1 and EPSS score of 0.18% (39th percentile), the vulnerability is of moderate severity with relatively low current exploitation probability, though the low attack complexity and lack of authentication requirements make it practically exploitable.

XSS Smartrobot
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4283 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45801 MEDIUM PATCH This Month

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Denial Of Service Dompurify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-45799 MEDIUM This Month

FluxCP is a web-based Control Panel for rAthena servers written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fluxcp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-46970 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intellij Idea
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36261 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-36247 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-34545 MEDIUM This Month

Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32940 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-33848 MEDIUM This Month

Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-32666 MEDIUM This Month

NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-28170 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Intel Raid Web Console
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22013 MEDIUM This Month

U-Boot environment is read from unauthenticated partition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nest Wifi Pro Firmware Nest Wifi Point Firmware Nest Wifi Router Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-39772 MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1578 MEDIUM This Month

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card. Rated medium severity (CVSS 5.3). No vendor patch available.

Information Disclosure Micard Plus Ci Firmware Micard Plus Ble Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-45800 MEDIUM This Month

Snappymail is an open source web-based email client. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-39910 MEDIUM PATCH This Month

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Decidim
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-32034 MEDIUM PATCH This Month

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Decidim
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8661 MEDIUM PATCH This Month

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 4.0
4.6
EPSS
0.4%
CVE-2024-6685 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy