Skip to main content
CVE-2024-6443 MEDIUM POC This Month

In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-7801 MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.0 before 2.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-9513 MEDIUM POC This Month

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netadmin Iam
NVD VulDB
CVSS 4.0
6.3
EPSS
1.7%
CVE-2024-41516 MEDIUM POC This Month

A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41515 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41514 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41513 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-46409 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seeddms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47913 MEDIUM POC PATCH This Month

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9410 MEDIUM POC This Month

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ada
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47764 MEDIUM PATCH This Month

cookie is a basic HTTP cookie parser and serializer for HTTP servers. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-47768 MEDIUM PATCH This Month

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lif Authentication Server
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47765 MEDIUM PATCH This Month

Minecraft MOTD Parser is a PHP library to parse minecraft server motd. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Minecraft Motd Parser
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-6444 MEDIUM This Month

No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6442 MEDIUM This Month

In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8802 MEDIUM This Month

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Clio Grow
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2024-8148 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38038 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38037 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25691 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8499 MEDIUM PATCH This Month

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Checkout Field Editor For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9435 MEDIUM PATCH This Month

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shiftcontroller
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-47854 MEDIUM This Month

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Data Insight
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-9384 MEDIUM PATCH This Month

The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Quantity Dynamic Pricing Bulk Discounts For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9375 MEDIUM This Month

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Captcha Bank
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9353 MEDIUM PATCH This Month

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Popularis Extra
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9349 MEDIUM PATCH This Month

The Auto Amazon Links - Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Auto Amazon Links
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9345 MEDIUM PATCH This Month

The Product Delivery Date for WooCommerce - Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Product Delivery Date For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9237 MEDIUM PATCH This Month

The Fish and Ships - Most flexible shipping table rate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Fish And Ships
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9204 MEDIUM PATCH This Month

The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Smart Custom 404 Error Page
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44439 MEDIUM This Month

An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-9484 MEDIUM This Month

An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9483 MEDIUM This Month

A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9482 MEDIUM This Month

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9481 MEDIUM This Month

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44204 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
4.9%
CVE-2024-43686 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.0 before 2.4.7. Rated medium severity (CVSS 5.4). No vendor patch available.

XSS Timeprovider 4100 Firmware
NVD
CVSS 4.0
5.4
EPSS
11.5%
CVE-2024-46077 MEDIUM This Month

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38039 MEDIUM This Month

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38036 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-9271 MEDIUM PATCH This Month

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Re
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9071 MEDIUM PATCH This Month

The Easy Demo Importer - A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Easy Demo Importer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9242 MEDIUM PATCH This Month

The Memberful - Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Memberful
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8804 MEDIUM PATCH This Month

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Code Embed
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9445 MEDIUM This Month

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Display Medium Posts
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9421 MEDIUM This Month

The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Login Logout Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9372 MEDIUM This Month

The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Blocks Hub
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9368 MEDIUM This Month

The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Aggregator Advanced Settings
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8519 MEDIUM PATCH This Month

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ultimate Member
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47211 MEDIUM PATCH This Month

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy