Skip to main content
CVE-2024-11860 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11819 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11818 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-51228 MEDIUM POC This Month

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.8
EPSS
3.8%
CVE-2024-11820 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-53635 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid19 Testing Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-53260 MEDIUM PATCH This Month

Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Autolab
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-53858 MEDIUM PATCH This Month

The gh cli is GitHub’s official command line tool. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10895 MEDIUM This Month

The Counter Up - Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21703 MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft Confluence Data Center Confluence Server
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-10175 MEDIUM This Month

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-42328 MEDIUM This Month

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zabbix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-11025 MEDIUM This Month

An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10580 MEDIUM This Month

The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11083 MEDIUM PATCH This Month

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Profilepress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-53264 MEDIUM PATCH This Month

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Google
NVD GitHub
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-11862 MEDIUM PATCH This Month

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-11009 MEDIUM This Month

The Internal Linking for SEO traffic & Ranking - Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-46055 MEDIUM This Month

OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openvidreview
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-53849 MEDIUM This Month

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-42326 MEDIUM This Month

There was discovered a use after free bug in browser.c in the es_browser_get_variant function. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Zabbix
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-53855 MEDIUM PATCH This Month

Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Centurion Erp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-54004 MEDIUM PATCH This Month

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Filesystem List Parameter
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-10521 MEDIUM PATCH This Month

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wordpress Contact Forms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37816 MEDIUM This Month

Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy