Skip to main content
CVE-2024-8883 MEDIUM POC PATCH This Month

A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Build Of Keycloak Openshift Container Platform Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +2
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-9008 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Online News Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9007 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS 123Solar
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-9006 MEDIUM POC PATCH This Month

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection PHP RCE 123Solar
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9004 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
16.2%
CVE-2024-9001 MEDIUM POC This Month

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.0%
CVE-2024-8651 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netcat Content Management System
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-25673 MEDIUM This Month

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8850 MEDIUM PATCH This Month

{email} is used for the field in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailchimp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-8653 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netcat Content Management System
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-8652 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netcat Content Management System
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-8375 MEDIUM PATCH This Month

There exists a use after free vulnerability in Reverb. Rated medium severity (CVSS 5.7). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Google Denial Of Service Reverb
NVD GitHub
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-8354 MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45769 MEDIUM This Month

A vulnerability was found in Performance Co-Pilot (PCP). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45614 MEDIUM PATCH This Month

Puma is a Ruby/Rack web server built for parallelism. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nginx Puma
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-7736 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8364 MEDIUM This Month

The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Custom Fields Search
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9003 MEDIUM This Month

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jflow
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-47162 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47160 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-45770 MEDIUM This Month

A vulnerability was found in Performance Co-Pilot (PCP). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-38221 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-47159 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy