Skip to main content
CVE-2024-9986 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-48622 MEDIUM POC This Month

A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-48714 MEDIUM POC This Month

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48713 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48712 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48710 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48913 MEDIUM POC PATCH This Month

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Hono
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-48278 MEDIUM POC This Month

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF User Registration Login And User Management System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48624 MEDIUM POC This Month

In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-48623 MEDIUM POC This Month

In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9976 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9975 MEDIUM POC This Month

A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Drag And Drop Image Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9974 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9973 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9952 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-48948 MEDIUM POC PATCH This Month

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-47944 MEDIUM This Month

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-9676 MEDIUM This Month

A denial of service vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Information Disclosure Linux Docker Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-31493 MEDIUM This Month

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE PHP Zoneminder
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-21262 MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Authentication Bypass Oncommand Insight Mysql Connectors
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38204 MEDIUM PATCH This Month

Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Azure Functions
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-21230 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-21205 MEDIUM This Month

Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Fusion Middleware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-21196 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-21263 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21202 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Peoplesoft Enterprise People Tools
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-9944 MEDIUM PATCH This Month

The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woocommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-21535 MEDIUM PATCH This Month

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Markdown To Jsx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-9548 MEDIUM PATCH This Month

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Slimstat Analytics
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21273 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-47674 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21286 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21264 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9895 MEDIUM PATCH This Month

The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Smart Online Order For Clover
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9969 MEDIUM This Month

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webeip
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21281 MEDIUM This Month

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Request Smuggling Denial Of Service Oracle Banking Liquidity Management
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-21258 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Installed Base
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21248 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21238 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-9979 MEDIUM PATCH This Month

A flaw was found in PyO3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Python Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9546 MEDIUM This Month

The WPIDE - File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wpide
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-44337 MEDIUM PATCH This Month

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.1
EPSS
0.5%
CVE-2024-9977 MEDIUM This Month

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
22.1%
CVE-2024-31955 MEDIUM This Month

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Samsung
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-21261 MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-21241 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21239 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-21236 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-21219 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-21218 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
4.9
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy