Skip to main content
CVE-2024-11077 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-52531 MEDIUM POC This Month

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsoup
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-50990 MEDIUM POC This Month

A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Marriage Registration System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-51489 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51488 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51487 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51485 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51484 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11078 MEDIUM POC This Month

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11076 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11074 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11073 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11070 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11059 MEDIUM POC This Month

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Free Download Online Shopping System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-51190 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51189 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51188 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51187 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51054 MEDIUM POC This Month

A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Marriage Registration System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-50991 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS User Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10315 MEDIUM This Month

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cors Misconfiguration
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-51575 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51574 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Goods Simple Goods simple-goods allows Stored XSS.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51573 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51572 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.06. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51571 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masterbip MasterBip para Elementor masterbip-for-elementor allows DOM-Based XSS.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52355 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52354 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52353 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects christian-science-bible-lesson-subjects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52352 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52351 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Slideshow bu-slideshow allows Stored XSS.3.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52350 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nrmendez CRM 2go crm2go allows DOM-Based XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52358 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows DOM-Based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52357 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lqd LIQUID BLOCKS liquid-blocks allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52356 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51213 MEDIUM This Month

Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-50601 MEDIUM This Month

Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-43439 MEDIUM PATCH This Month

A flaw was found in moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43437 MEDIUM PATCH This Month

A flaw was found in moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11019 MEDIUM This Month

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webopac
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23983 MEDIUM This Month

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical
NVD
CVSS 4.0
5.8
EPSS
0.4%
CVE-2024-50263 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34014 MEDIUM This Month

Arbitrary file overwrite during recovery due to improper symbolic link handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2024-51026 MEDIUM This Month

The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content=. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46965 MEDIUM This Month

The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-45088 MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-11021 MEDIUM This Month

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webopac
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10917 MEDIUM PATCH This Month

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Openj9
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-43435 MEDIUM PATCH This Month

A flaw was found in moodle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-43433 MEDIUM PATCH This Month

A flaw was found in moodle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy