Skip to main content
CVE-2024-51665 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

SSRF Elementor
NVD
CVSS 3.1
4.9
EPSS
35.4%
CVE-2024-10791 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10761 MEDIUM POC PATCH This Month

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10758 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Buzz Content Management System
NVD Exploit-DB GitHub VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2024-10752 MEDIUM POC This Month

A vulnerability was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-34885 MEDIUM POC This Month

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitrix24
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-34891 MEDIUM POC This Month

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitrix24
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-48052 MEDIUM POC This Month

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-48463 MEDIUM POC PATCH This Month

Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Microsoft Bruno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-51408 MEDIUM POC This Month

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appsmith
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-48059 MEDIUM POC This Month

gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chuanhuchatgpt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48057 MEDIUM POC This Month

localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Localai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-30618 MEDIUM POC PATCH This Month

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-51328 MEDIUM POC This Month

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Travel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30617 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10805 MEDIUM POC This Month

A vulnerability was found in code-projects University Event Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Event Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10768 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10766 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Free Exam Hall Seating Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10765 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10764 MEDIUM POC This Month

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10760 MEDIUM POC This Month

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Event Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10759 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farm Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10757 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10756 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10755 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10754 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10753 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10751 MEDIUM POC This Month

A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Isp Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10747 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10746 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9147 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings.2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pospratik
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-33032 MEDIUM PATCH This Month

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware +63
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33031 MEDIUM PATCH This Month

Memory corruption while processing the update SIM PB records request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wcn3660b Firmware Wcn3620 Firmware Wcd9340 Firmware Snapdragon X75 5g Modem Rf System Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33030 MEDIUM PATCH This Month

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wcd9380 Firmware Wcd9340 Firmware +18
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33029 MEDIUM PATCH This Month

Memory corruption while handling the PDR in driver for getting the remote heap maps. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Snapdragon Auto 5g Modem Rf Gen 2 Firmware Qca6698aq Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23386 MEDIUM PATCH This Month

memory corruption when WiFi display APIs are invoked with large random inputs. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wcn3660b Firmware Wcn3620 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23377 MEDIUM PATCH This Month

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware +35
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20121 MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20120 MEDIUM This Month

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20119 MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20118 MEDIUM This Month

In mms, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20115 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20114 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20113 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20111 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20110 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20109 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20108 MEDIUM This Month

In atci, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20106 MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-51683 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Custom post type templates for Elementor custom-post-type-templates-for-elementor allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy