Skip to main content
CVE-2024-9091 MEDIUM POC This Month

A vulnerability was found in code-projects Student Record System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-23922 MEDIUM POC PATCH This Month

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Xav Ax5500 Firmware
NVD Exploit-DB
CVSS 3.1
6.8
EPSS
1.8%
CVE-2024-9014 MEDIUM POC PATCH This Month

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pgadmin 4
NVD GitHub
CVSS 3.1
6.5
EPSS
9.7%
CVE-2024-47069 MEDIUM POC PATCH This Month

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cookiebar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-47068 MEDIUM POC PATCH This Month

Rollup is a module bundler for JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rollup
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-46241 MEDIUM POC This Month

PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-7846 MEDIUM POC This Month

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yith Woocommerce Ajax Search
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9094 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9093 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9092 MEDIUM POC This Month

A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9090 MEDIUM POC This Month

A vulnerability was found in SourceCodester Modern Loan Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Modern Loan Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9089 MEDIUM POC This Month

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Modern Loan Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7022 MEDIUM POC This Month

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7020 MEDIUM POC This Month

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-7019 MEDIUM POC This Month

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23972 MEDIUM PATCH This Month

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Xav Ax5500 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-23933 MEDIUM This Month

Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Apple RCE
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-39843 MEDIUM This Month

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
6.7
EPSS
2.2%
CVE-2024-44048 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-44540 MEDIUM This Month

Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubiquiti
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-39342 MEDIUM This Month

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-40441 MEDIUM This Month

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-43996 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Elementskit
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-8263 MEDIUM This Month

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
6.2
EPSS
0.4%
CVE-2024-47227 MEDIUM PATCH This Month

iRedAdmin before 2.6 allows XSS, e.g., via order_name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Iredadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39341 MEDIUM This Month

Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-46544 MEDIUM This Month

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Tomcat Apache Information Disclosure Denial Of Service +3
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-8770 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD GitHub
CVSS 4.0
5.8
EPSS
0.4%
CVE-2023-46948 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8758 MEDIUM This Month

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8903 MEDIUM This Month

Local active protection service settings manipulation due to unnecessary privileges assignment. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Apple Microsoft
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy