Skip to main content
CVE-2024-46988 MEDIUM POC This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-48120 MEDIUM POC This Month

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2Crm
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-48119 MEDIUM POC This Month

Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtiger Crm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6763 MEDIUM POC PATCH This Month

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Jetty
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-47766 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-46980 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-47767 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-46528 MEDIUM POC PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
1.6%
CVE-2024-35520 MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
9.1%
CVE-2024-35519 MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware Ex6100 Firmware Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-35518 MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-41997 MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Docker
NVD GitHub
CVSS 3.1
6.6
EPSS
1.2%
CVE-2024-45736 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45732 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8184 MEDIUM PATCH This Month

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Jetty
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-6762 MEDIUM PATCH This Month

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Jetty
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-9936 MEDIUM This Month

When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8602 MEDIUM This Month

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Denial Of Service
NVD
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-48821 MEDIUM This Month

Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-47826 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Elabftw
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48793 MEDIUM This Month

An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-48911 MEDIUM PATCH This Month

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Opencanary
NVD GitHub
CVSS 4.0
5.8
EPSS
0.2%
CVE-2024-47885 MEDIUM PATCH MAL This Month

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Astro
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45741 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
12.9%
CVE-2024-45740 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-30117 MEDIUM This Month

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-48795 MEDIUM This Month

An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-48790 MEDIUM This Month

An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-49214 MEDIUM This Month

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-38863 MEDIUM This Month

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Checkmk
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-38862 MEDIUM This Month

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-9953 MEDIUM PATCH This Month

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python Vince
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-45739 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-45738 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-9923 MEDIUM This Month

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Team Pro
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-46911 MEDIUM This Month

Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache CSRF Roller
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-45735 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-45734 MEDIUM This Month

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy