Skip to main content
CVE-2024-45919 MEDIUM POC This Month

A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Solvait
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42831 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-45060 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-46300 MEDIUM POC This Month

itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Placement Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44674 MEDIUM POC This Month

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow D-Link Covr 2600R Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
3.9%
CVE-2024-45292 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45932 MEDIUM POC This Month

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-47976 MEDIUM This Month

Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. Rated medium severity (CVSS 6.7). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42027 MEDIUM This Month

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-23379 MEDIUM This Month

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23378 MEDIUM This Month

Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Srv1m Firmware Srv1h Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Sa9000p Firmware +14
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23376 MEDIUM This Month

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23375 MEDIUM This Month

Memory corruption during the network scan request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wcn3988 Firmware Wcn3980 Firmware +10
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23374 MEDIUM This Month

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Wsa8835 Firmware Wsa8830 Firmware Wcn3988 Firmware +23
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23370 MEDIUM This Month

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20099 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20098 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20090 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-45933 MEDIUM This Month

OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection XSS RCE
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-47818 MEDIUM PATCH This Month

Saltcorn is an extensible, open source, no-code database application builder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-47971 MEDIUM This Month

Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46040 MEDIUM This Month

IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-9574 MEDIUM This Month

SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Soplanning
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-9573 MEDIUM This Month

SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Soplanning
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-47079 MEDIUM This Month

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-28710 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28709 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-47969 MEDIUM This Month

Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-47772 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38425 MEDIUM This Month

Information disclosure while sending implicit broadcast containing APP launch information. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Wsa8835 Firmware Wsa8830 Firmware Wcd9380 Firmware +19
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-46325 MEDIUM This Month

TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Wr740N Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47782 MEDIUM PATCH This Month

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidiscover
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47610 MEDIUM PATCH This Month

InvenTree is an Open Source Inventory Management System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Inventree
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9572 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Soplanning
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9571 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Soplanning
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45153 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47344 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Stylemix uListing ulisting.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-47817 MEDIUM PATCH This Month

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-47781 MEDIUM PATCH This Month

CreateWiki is an extension used at Miraheze for requesting & creating wikis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Createwiki
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-47973 MEDIUM This Month

In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-45894 MEDIUM This Month

BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure PHP Bluecms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-20102 MEDIUM This Month

In wlan driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-47968 MEDIUM This Month

Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Denial Of Service
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-47974 MEDIUM This Month

Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Denial Of Service
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-47967 MEDIUM This Month

Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-20097 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20096 MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20095 MEDIUM This Month

In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20093 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20091 MEDIUM This Month

In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy