Skip to main content
CVE-2024-10600 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
6.3%
CVE-2024-10599 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-10598 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-10561 MEDIUM POC This Month

A vulnerability was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-10557 MEDIUM POC This Month

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10556 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-50802 MEDIUM POC This Month

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Abantecart
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-50801 MEDIUM POC This Month

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Abantecart
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-50354 MEDIUM POC PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Denial Of Service Gnark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-10601 MEDIUM POC This Month

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10597 MEDIUM POC This Month

A vulnerability classified as critical has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10596 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10595 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10594 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10559 MEDIUM POC This Month

A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Airport Booking Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-6479 MEDIUM This Month

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Sip Reviews Shortcode For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8934 MEDIUM This Month

A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30149 MEDIUM This Month

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appscan Source
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-9165 MEDIUM This Month

The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-6480 MEDIUM This Month

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress SQLi Sip Reviews Shortcode For Woocommerce
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-9708 MEDIUM This Month

The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Easy Svg Upload
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-51430 MEDIUM This Month

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-9446 MEDIUM This Month

The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-50347 MEDIUM PATCH This Month

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-8553 MEDIUM This Month

A vulnerability was found in Foreman's loader macros introduced with report templates. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-10454 MEDIUM This Month

Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-9434 MEDIUM This Month

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-49685 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.2.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10544 MEDIUM This Month

The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 through publicly exposed log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9430 MEDIUM This Month

The Get Quote For Woocommerce - Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-9700 MEDIUM PATCH This Month

The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Forminator Forms
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-43933 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja allows Stored XSS.App: from n/a through <= 11.48. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43930 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy