Skip to main content
CVE-2024-11673 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bookstore Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-11663 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-11649 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11648 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11647 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11646 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-10709 MEDIUM POC This Month

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yadisk Files
NVD WPScan
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-53255 MEDIUM POC PATCH This Month

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Boidcms
NVD GitHub
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-11661 MEDIUM POC This Month

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Free Exam Hall Seating Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-11660 MEDIUM POC This Month

A vulnerability was found in code-projects Farmacia 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11659 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11658 MEDIUM POC THREAT This Month

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11657 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11656 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11655 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11654 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11653 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11652 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens500 Ac Firmware Ens620Ext Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
28.9%
CVE-2024-11651 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
26.2%
CVE-2024-6393 MEDIUM POC This Month

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nextgen Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-10270 MEDIUM PATCH This Month

A vulnerability was found in the Keycloak-services package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53597 MEDIUM This Month

masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-53556 MEDIUM This Month

An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-10451 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-52529 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-53101 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53097 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53599 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32468 MEDIUM PATCH This Month

Deno is a runtime for JavaScript and TypeScript written in rust. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11671 MEDIUM This Month

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-11670 MEDIUM This Month

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-53930 MEDIUM This Month

WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11662 MEDIUM This Month

A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6538 MEDIUM This Month

A flaw was found in OpenShift Console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-11483 MEDIUM This Month

A vulnerability was found in the Ansible Automation Platform (AAP). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2024-53100 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-9666 MEDIUM PATCH This Month

A vulnerability was found in the Keycloak Server. Rated medium severity (CVSS 4.7). No vendor patch available.

Request Smuggling Denial Of Service
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-51723 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Athoc
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-50671 MEDIUM This Month

Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11672 MEDIUM This Month

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Microsoft Remote Desktop Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy