Skip to main content
CVE-2024-45870 MEDIUM POC This Month

Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bandiview
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45872 MEDIUM POC This Month

Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Bandiview
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-45871 MEDIUM POC This Month

Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS). Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bandiview
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-9460 MEDIUM This Month

A vulnerability was found in Codezips Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-41585 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3910 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-9100 MEDIUM This Month

Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8159 MEDIUM This Month

Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-41591 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-47617 MEDIUM PATCH This Month

Sulu is a PHP content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Sulu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-34535 MEDIUM This Month

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Request Smuggling Mastodon
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-47762 MEDIUM PATCH This Month

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-41587 MEDIUM This Month

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware Vigor3912 Firmware Vigor2962 Firmware Vigor165 Firmware +20
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-47618 MEDIUM PATCH This Month

Sulu is a PHP content management system. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Sulu
NVD GitHub
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9266 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD HeroDevs
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-41584 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-41583 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-47554 MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Commons Io Active Iq Unified Manager Bluexp +5
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2024-42504 MEDIUM This Month

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy