Skip to main content
CVE-2024-11246 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11245 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11244 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Farmacia 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-11240 MEDIUM POC This Month

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic.php of the component Banco de Dados Tab. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibwebadmin
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11239 MEDIUM POC This Month

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Landray Ekp
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.5%
CVE-2024-10934 CRITICAL PATCH Act Now

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbsd
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-11242 MEDIUM POC This Month

A vulnerability was found in ZZCMS 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-11262 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Student Record Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-11261 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Student Record Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-49060 HIGH This Week

Azure Stack HCI Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Stack Hci
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45608 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-41679 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-40638 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
36.7%
CVE-2024-50355 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-49758 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-0875 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10311 HIGH This Week

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress External Database Based Actions
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-10534 HIGH This Week

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Personnel Attendance Control Systems Access Control Security Systems
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-11263 HIGH PATCH This Week

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-50652 MEDIUM POC This Month

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Shop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-52519 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-39726 HIGH This Week

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Engineering Lifecycle Optimization Engineering Insights
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-52508 HIGH PATCH This Week

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-9500 HIGH This Week

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46467 HIGH This Week

By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46466 HIGH This Week

By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46465 HIGH This Week

By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Cryhod
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46463 HIGH This Week

By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46462 HIGH This Week

By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-52555 HIGH This Week

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Webstorm
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38370 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44759 HIGH This Week

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nus M9 Erp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45969 HIGH This Week

NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24426 HIGH This Week

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-52510 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52525 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-50647 HIGH This Week

The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41784 HIGH This Week

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45784 HIGH PATCH This Week

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-10260 HIGH This Week

The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Tripetto
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-49592 MEDIUM This Month

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-47759 MEDIUM This Month

GLPI is a free Asset and IT management software package. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 4.0
6.7
EPSS
0.4%
CVE-2024-24446 MEDIUM This Month

An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-24425 MEDIUM This Month

Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52511 MEDIUM PATCH This Month

Nextcloud Tables allows users to to create tables with individual columns. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Tables
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24449 MEDIUM This Month

An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52523 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-52520 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-52515 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-10113 MEDIUM This Month

The WP AdCenter - Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Adcenter
NVD
CVSS 3.1
6.4
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy