Skip to main content
CVE-2024-47308 MEDIUM POC THREAT This Month

Missing Authorization vulnerability in WPDeveloper Templately templately.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.9%.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
40.9%
Threat
4.0
CVE-2024-51483 MEDIUM POC PATCH This Month

changedetection.io is free, open source web page change detection software. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.9
EPSS
2.3%
CVE-2024-10654 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lr350 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.5%
CVE-2024-10608 MEDIUM POC This Month

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Courier Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10607 MEDIUM POC This Month

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Courier Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10605 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-51407 MEDIUM POC This Month

Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Floodlight
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-51406 MEDIUM POC This Month

Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Sdn Controller
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-51377 MEDIUM POC This Month

An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Faveo Helpdesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10660 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
5.0%
CVE-2024-10659 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10658 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10657 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10656 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10655 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10619 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10618 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.10.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10617 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10616 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tongda OA up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10615 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10613 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10612 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10611 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10610 MEDIUM POC This Month

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10609 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10602 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-27525 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-10620 MEDIUM This Month

A vulnerability was found in knightliao Disconf 2.6.36. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47361 MEDIUM This Month

Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.13.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43932 MEDIUM This Month

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43956 MEDIUM This Month

Missing Authorization vulnerability in Caseproof, LLC MemberPress memberpress.11.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-47321 MEDIUM This Month

Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-37481 MEDIUM This Month

Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.7.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38771 MEDIUM This Month

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51398 MEDIUM This Month

Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48289 MEDIUM This Month

An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-43209 MEDIUM This Month

Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-43122 MEDIUM This Month

Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.6.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39640 MEDIUM This Month

Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.3.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38777 MEDIUM This Month

Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37510 MEDIUM This Month

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.8.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37477 MEDIUM This Month

Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37214 MEDIUM This Month

Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-37209 MEDIUM This Month

Access Control vulnerability in Prism IT Systems User Rights Access Manager allows .1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-43143 MEDIUM This Month

Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.12.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-10367 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-10232 MEDIUM This Month

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-37929 MEDIUM This Month

Missing Authorization vulnerability in solwin User Activity Log Pro user-activity-log-pro.3.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-43285 MEDIUM This Month

Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.0.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-43146 MEDIUM This Month

Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.0.96.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy