Skip to main content
CVE-2024-32870 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.8
EPSS
0.7%
CVE-2024-51739 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-10841 MEDIUM POC This Month

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10810 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10809 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10808 MEDIUM POC This Month

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10842 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10840 MEDIUM POC This Month

A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10807 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10806 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9878 MEDIUM POC PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Photo Gallery
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9883 MEDIUM POC This Month

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7877 MEDIUM POC This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7876 MEDIUM POC This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5578 MEDIUM POC This Month

The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Table Of Contents Plus
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9689 MEDIUM POC This Month

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Post From Frontend
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-47464 MEDIUM This Month

An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-51493 MEDIUM PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-49773 MEDIUM This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51362 MEDIUM This Month

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10340 MEDIUM This Month

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-49377 MEDIUM PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9667 MEDIUM PATCH This Month

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seriously Simple Podcasting
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31448 MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-51498 MEDIUM This Month

cobalt is a media downloader that doesn't piss you off. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.0
EPSS
0.5%
CVE-2024-52030 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52029 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52028 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52026 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52025 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52024 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52023 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52017 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-52016 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-52015 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52014 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52013 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51022 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51020 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51019 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51018 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51017 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51016 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51015 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-51014 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51013 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51012 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51011 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51007 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51006 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy