Skip to main content
CVE-2024-8877 MEDIUM POC THREAT This Month

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Netman 204 Firmware
NVD
CVSS 4.0
6.9
EPSS
77.0%
CVE-2024-46485 MEDIUM POC This Month

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dingfanzu Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-46655 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ellevo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9148 MEDIUM POC PATCH This Month

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Embed Flowise
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-46488 MEDIUM POC PATCH This Month

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Sqlite Vec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-6845 MEDIUM POC This Month

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-7878 MEDIUM POC This Month

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-46600 MEDIUM POC This Month

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dingfanzu Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-7892 MEDIUM POC This Month

The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Adstxt
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-47303 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Cross-Site Scripting (XSS).5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-41445 MEDIUM This Month

Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Mdf Library
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20508 MEDIUM This Month

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20414 MEDIUM This Month

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco CSRF Ios Xe +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30128 MEDIUM This Month

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nomad Server On Domino
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6512 MEDIUM This Month

Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8621 MEDIUM PATCH This Month

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Daily Prayer Time
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8483 MEDIUM PATCH This Month

The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Mas Static Content
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38324 MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8515 MEDIUM This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-9028 MEDIUM This Month

The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Gpx Maps
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8103 MEDIUM This Month

The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Category Dropdown
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8858 MEDIUM PATCH This Month

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8919 MEDIUM This Month

The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Confetti Fall Animation
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-6590 MEDIUM This Month

The Spreadsheet Integration - Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass Spreadsheet Integration
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-23454 MEDIUM PATCH This Month

Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Hadoop
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2024-20496 MEDIUM This Month

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Memory Corruption
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-3866 MEDIUM PATCH This Month

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ninja Forms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8741 MEDIUM PATCH This Month

The Beam me up Scotty - Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Beam Me Up Scotty
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8713 MEDIUM This Month

The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Kodex Posts Likes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8549 MEDIUM PATCH This Month

The Simple Calendar - Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Google Simple Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-46934 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20465 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco iOS
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-8067 MEDIUM This Month

In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.2%
CVE-2024-7421 MEDIUM This Month

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47315 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.15.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-20475 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Catalyst Sd Wan Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8546 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementskit Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8668 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woolentor Woocommerce Elementor Addons Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9073 MEDIUM This Month

The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Free Gutenberg Blocks
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9069 MEDIUM This Month

The Graphicsly - The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Graphicsly
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9068 MEDIUM This Month

The OneElements - Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Oneelements
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9027 MEDIUM This Month

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpzoom Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9024 MEDIUM This Month

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Material Design Icons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9141 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8917 MEDIUM PATCH This Month

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Football Leagues
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8267 MEDIUM PATCH This Month

The Radio Player - Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Radio Player
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47048 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7426 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP Peepso
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-43237 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin - Tag Groups tag-groups.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-43990 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy