Skip to main content
CVE-2024-11817 MEDIUM POC This Month

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11744 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-11743 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-53619 MEDIUM POC This Month

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Spip
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-53365 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vehicle Parking Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11742 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0.php?action=save_tenant. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11678 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11677 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11676 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11675 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11674 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-53620 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spip
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10471 MEDIUM POC This Month

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-11407 MEDIUM PATCH This Month

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable.

Denial Of Service Grpc
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11708 MEDIUM This Month

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11706 MEDIUM This Month

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-50377 MEDIUM This Month

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<=. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-10857 MEDIUM PATCH This Month

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Product Input Fields For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-49596 MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38832 MEDIUM This Month

VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11192 MEDIUM This Month

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11119 MEDIUM This Month

The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11091 MEDIUM This Month

The Support SVG - Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-53844 MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Docker
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-47248 MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Nimble
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-6749 MEDIUM This Month

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-11002 MEDIUM PATCH This Month

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Inpost Gallery
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-51058 MEDIUM PATCH This Month

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Path Traversal Information Disclosure Tcpdf
NVD GitHub
CVSS 3.1
6.2
EPSS
0.8%
CVE-2024-10878 MEDIUM PATCH This Month

The Sugar Calendar - Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sugar Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11032 MEDIUM This Month

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11202 MEDIUM This Month

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-11418 MEDIUM This Month

The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11342 MEDIUM This Month

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-32151 MEDIUM This Month

User passwords are decrypted and stored on memory before any user logged in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2024-29978 MEDIUM This Month

User passwords are decrypted and stored on memory before any user logged in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2024-29146 MEDIUM This Month

User passwords are decrypted and stored on memory before any user logged in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-28955 MEDIUM This Month

Affected devices create coredump files when crashed, storing them with world-readable permission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2024-49353 MEDIUM This Month

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Denial Of Service Watson Assistant For Ibm Cloud Pak For Data
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-43784 MEDIUM PATCH This Month

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-11703 MEDIUM This Month

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-52337 MEDIUM This Month

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53267 MEDIUM PATCH This Month

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Java Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-49351 MEDIUM This Month

IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Workload Scheduler
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-8236 MEDIUM This Month

The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Website Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-53976 MEDIUM This Month

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53975 MEDIUM This Month

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38833 MEDIUM This Month

VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10308 MEDIUM PATCH This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Jeg Elementor Kit
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10240 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-11668 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy