Skip to main content
CVE-2024-9329 MEDIUM POC PATCH This Month

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glassfish
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-46540 MEDIUM POC This Month

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-47530 MEDIUM POC PATCH This Month

Scout is a web-based visualizer for VCF-files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Scout
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45920 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solvait
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8536 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8239 MEDIUM POC This Month

The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Starbox
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47067 MEDIUM POC PATCH This Month

AList is a file list program that supports multiple storages. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Alist
NVD GitHub
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-47536 MEDIUM POC PATCH This Month

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Citizen
NVD GitHub
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-8283 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3635 MEDIUM POC This Month

The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Post Grid
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-41999 MEDIUM This Month

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-8449 MEDIUM This Month

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-28810 MEDIUM This Month

An issue was discovered in Infinera hiT 7300 5.60.50. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-45993 MEDIUM This Month

Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Giflib
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-47641 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muhammad Shakeel Confetti Fall Animation confetti-fall-animation allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-28807 MEDIUM This Month

An issue was discovered in Infinera hiT 7300 5.60.50. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46548 MEDIUM This Month

TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-47064 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-45200 MEDIUM This Month

In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Code Injection RCE Buffer Overflow
NVD GitHub
CVSS 3.1
6.3
EPSS
1.4%
CVE-2024-47063 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
6.2
EPSS
0.3%
CVE-2024-46635 MEDIUM This Month

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-8455 MEDIUM This Month

The swctrl service is used to detect and remotely manage PLANET Technology devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware Igs 5225 4Up1T2S Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-46869 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47172 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45792 MEDIUM PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mantisbt
NVD GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8459 MEDIUM This Month

Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-8453 MEDIUM This Month

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-45073 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-46475 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8457 MEDIUM This Month

Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9158 MEDIUM This Month

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Nessus Network Monitor
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-35495 MEDIUM This Month

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6051 MEDIUM This Month

Cross Application Scripting vulnerability in Vercom S.A. Rated medium severity (CVSS 4.3). No vendor patch available.

Code Injection
NVD
CVSS 4.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy