Skip to main content
CVE-2024-5030 LOW POC Monitor

The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Table Of Contents
NVD WPScan
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-47820 LOW PATCH Monitor

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Path Traversal Markus
NVD GitHub
CVSS 3.1
3.5
EPSS
0.7%
CVE-2024-52587 LOW Monitor

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
2.7
EPSS
2.7%
CVE-2024-52585 LOW PATCH Monitor

Autolab is a course management service that enables auto-graded programming assignments. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Autolab
NVD GitHub
CVSS 4.0
1.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy