Skip to main content
CVE-2024-8948 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Micropython
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-8946 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Micropython
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-8944 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-8093 MEDIUM POC This Month

The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Posts Reminder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8091 MEDIUM POC This Month

The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enhanced Search Box
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8047 MEDIUM POC This Month

The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Sound
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8044 MEDIUM POC This Month

The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Infolinks Ad Wrap
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8947 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.22.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Micropython
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2024-8052 MEDIUM POC This Month

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Review Ratings
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8092 MEDIUM POC This Month

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Accordion Image Menu
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8051 MEDIUM POC This Month

The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Special Feed Items
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8951 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Resort Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8945 MEDIUM POC THREAT This Month

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rise Ultimate Project Manager
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
14.5%
CVE-2024-5170 MEDIUM POC This Month

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Manager For Enamad
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-44187 MEDIUM This Month

A cross-origin issue existed with "iframe" elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-44008 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Stored XSS.13.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-44047 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker idx-broker-platinum allows Stored XSS.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-43938 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Name Directory name-directory.29.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45452 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cryout-creations Septera septera allows Stored XSS.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45451 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cryout-creations Roseta roseta allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-44051 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) custom-post-widget allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-44050 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cryout-creations Verbosa verbosa allows Stored XSS.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-44049 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45816 MEDIUM PATCH This Month

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Backstage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-45815 MEDIUM PATCH This Month

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Backstage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45537 MEDIUM PATCH This Month

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Druid
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-8490 MEDIUM PATCH This Month

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Propertyhive
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-44124 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40866 MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari macOS
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45812 MEDIUM PATCH This Month

Vite a frontend build tooling framework for javascript. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-8939 MEDIUM This Month

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-40797 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40857 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8907 MEDIUM This Month

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8897 MEDIUM This Month

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Google Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
6.9%
CVE-2024-8761 MEDIUM PATCH This Month

The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Open Redirect Share This Image
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40826 MEDIUM This Month

A privacy issue was addressed with improved handling of files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8796 MEDIUM PATCH This Month

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devise Two Factor
NVD GitHub
CVSS 4.0
6.0
EPSS
0.6%
CVE-2024-43977 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-37985 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.6).

Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2024-44176 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44167 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44169 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44178 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44190 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44182 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44181 MEDIUM This Month

An issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44177 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44170 MEDIUM This Month

A privacy issue was addressed by moving sensitive data to a more secure location. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44166 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy