Skip to main content
CVE-2024-44309 MEDIUM KEV THREAT This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Apple Intel XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-52597 MEDIUM POC PATCH This Month

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS 2fauth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-52702 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-52701 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-48535 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48534 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-48531 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51209 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Client Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48533 MEDIUM POC This Month

A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Esoft Planner
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11493 MEDIUM POC This Month

A vulnerability classified as problematic was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11492 MEDIUM POC This Month

A vulnerability classified as problematic has been found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11491 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11490 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11489 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11488 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807 and classified as problematic.html. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-52725 MEDIUM POC This Month

SemCms v4.8 was discovered to contain a SQL injection vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi Semcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-52757 MEDIUM POC This Month

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8003 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-52754 MEDIUM POC This Month

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8003 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-11406 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2024-45689 MEDIUM PATCH This Month

A flaw was found in Moodle. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11179 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Google Apple Mstore Api
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-10891 MEDIUM This Month

The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Save As Pdf
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9239 MEDIUM PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Booster For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8726 MEDIUM PATCH This Month

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailchimp Forms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11277 MEDIUM PATCH This Month

The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS 404 Solution
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9653 MEDIUM PATCH This Month

The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Restaurant Menu Food Ordering System Table Reservation
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11278 MEDIUM This Month

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11404 MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-10665 MEDIUM This Month

The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-45510 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45511 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45691 MEDIUM PATCH This Month

A flaw was found in Moodle. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10872 MEDIUM PATCH This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Getwid
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52796 MEDIUM PATCH This Month

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11487 MEDIUM This Month

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Decoration Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11486 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Decoration Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11485 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Decoration Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11484 MEDIUM This Month

A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Decoration Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10520 MEDIUM This Month

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List',. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Project Manager
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-11176 MEDIUM This Month

Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10126 MEDIUM This Month

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure M Files Server
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-52033 MEDIUM This Month

Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-47865 MEDIUM This Month

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11154 MEDIUM This Month

The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-48899 MEDIUM PATCH This Month

A vulnerability was found in Moodle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10365 MEDIUM PATCH This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP The Plus Addons For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-52614 MEDIUM This Month

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy