Skip to main content
CVE-2024-11125 MEDIUM POC This Month

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Getsimplecms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-11100 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11099 MEDIUM POC This Month

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9836 MEDIUM POC This Month

The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rss Feed Widget
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-47535 MEDIUM POC PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Microsoft Netty
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-11127 MEDIUM POC This Month

A vulnerability was found in code-projects Job Recruitment up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11123 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-11122 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11121 MEDIUM POC This Month

A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11102 MEDIUM POC This Month

A vulnerability was found in SourceCodester Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11096 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Task Manager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11101 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9835 MEDIUM POC This Month

The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rss Feed Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-11097 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Student Record Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-11111 MEDIUM POC This Month

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50313 MEDIUM This Month

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions <. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mendix
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46892 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46891 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-46889 MEDIUM This Month

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sinec Ins
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-43643 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43638 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43637 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43634 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-43449 MEDIUM PATCH This Month

Windows USB Video Class System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-2315 MEDIUM This Month

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Aptio V
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-40592 MEDIUM This Month

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Jwt Attack Information Disclosure Fortinet Forticlient
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-32118 MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-31496 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortianalyzer Fortianalyzer Big Data +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-49044 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable.

Authentication Bypass Visual Studio 2022
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-28728 MEDIUM This Month

Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link XSS
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-49393 MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11110 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43633 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-43451 MEDIUM KEV PATCH THREAT This Month

NTLM Hash Disclosure Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
6.5
EPSS
81.8%
CVE-2024-9999 MEDIUM This Month

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52296 MEDIUM PATCH This Month

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51566 MEDIUM This Month

The NVMe driver queue processing is vulernable to guest-induced infinite loops. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51565 MEDIUM This Month

The hda driver is vulnerable to a buffer over-read from a guest-controlled value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51563 MEDIUM This Month

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51562 MEDIUM This Month

The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42372 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51722 MEDIUM This Month

A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10179 MEDIUM This Month

The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11168 MEDIUM This Month

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-11004 MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-9357 MEDIUM This Month

The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-10685 MEDIUM PATCH This Month

The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form 7 Redirect Thank You Page
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2207 MEDIUM This Month

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-32116 MEDIUM This Month

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.0
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy