Skip to main content
CVE-2024-9818 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Veterinary Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9814 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9813 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9812 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9811 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9797 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9312 MEDIUM POC PATCH This Month

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Information Disclosure Authd
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-47868 MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-9780 MEDIUM POC This Month

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7049 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7048 MEDIUM POC This Month

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9817 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9810 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9809 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9808 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9806 MEDIUM POC This Month

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classroombookings
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9805 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9803 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9799 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9794 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9793 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
21.5%
CVE-2024-9816 MEDIUM POC This Month

A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourist Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-9815 MEDIUM POC This Month

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourist Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-9807 MEDIUM POC This Month

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classroombookings
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9804 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9790 MEDIUM POC This Month

A vulnerability was found in LyLme_spage 1.9.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9789 MEDIUM POC This Month

A vulnerability was found in LyLme_spage 1.9.5 and classified as critical.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9788 MEDIUM POC This Month

A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-4658 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-47872 MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47167 MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47165 MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47084 MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-9787 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Basrouter Bacnet Basrt B Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9623 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45132 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-45118 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22068 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.00.10 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-9057 MEDIUM This Month

The Curator.io: Show all your social media posts in a beautiful feed. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Curator Io
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-8987 MEDIUM This Month

The Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Youzify
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-9072 MEDIUM This Month

The GDPR-Extensions-com - Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Consent Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-45123 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9377 MEDIUM PATCH This Month

The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Products Order Customers Export For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9205 MEDIUM PATCH This Month

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Maximum Products Per User For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8729 MEDIUM This Month

The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Easy Social Share Buttons
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48942 MEDIUM This Month

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Atlassian Secure Login
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-8513 MEDIUM This Month

The QA Analytics - Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Qa Analytics
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6530 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
2.1%
CVE-2024-48902 MEDIUM This Month

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45131 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy