Skip to main content
CVE-2024-9039 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9037 MEDIUM POC This Month

A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internal Marks Calculation
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9035 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9034 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-46647 MEDIUM POC This Month

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-46646 MEDIUM POC This Month

eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-46644 MEDIUM POC This Month

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-42697 MEDIUM POC This Month

Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9041 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9038 MEDIUM POC This Month

A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9036 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9033 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9032 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Simple Forum Discussion System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-9030 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crmgo Saas
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9011 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9009 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Quiz Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-46654 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-45229 MEDIUM This Month

The Versa Director offers REST APIs for orchestration and management. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2024-47060 MEDIUM PATCH This Month

Zitadel is an open source identity management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-46999 MEDIUM PATCH This Month

Zitadel is an open source identity management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45808 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45806 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42346 MEDIUM PATCH This Month

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galaxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-9031 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crmgo Saas
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-45793 MEDIUM PATCH This Month

Confidant is a open source secret management service that provides user-friendly storage and access to secrets. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37879 MEDIUM This Month

Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9040 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Blood Bank Management System
NVD VulDB
CVSS 4.0
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy