Skip to main content
CVE-2024-12234 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-12233 MEDIUM POC This Month

A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Online Notice Board
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-12231 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12230 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12229 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12228 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12188 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12187 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-54679 MEDIUM POC PATCH This Month

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cyberpanel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-53471 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-53470 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-54001 MEDIUM POC This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kanboard
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-53457 MEDIUM POC PATCH THREAT This Month

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
42.5%
CVE-2024-12235 MEDIUM POC This Month

A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Agilebpm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-12232 MEDIUM POC This Month

A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Crud Functionality
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12186 MEDIUM POC This Month

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic.c of the component Available Room Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hotel Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-12185 MEDIUM POC This Month

A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hotel Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-54128 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Directus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-12227 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-42195 MEDIUM This Month

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-45841 MEDIUM This Month

Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2024-11779 MEDIUM This Month

The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-10848 MEDIUM This Month

The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-10056 MEDIUM This Month

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-10881 MEDIUM This Month

The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-45319 MEDIUM This Month

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-11324 MEDIUM This Month

The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11942 MEDIUM PATCH This Month

A vulnerability in Drupal Core allows File Manipulation.0.0 before 10.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Drupal
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-53846 MEDIUM This Month

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-12094 MEDIUM This Month

This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-11420 MEDIUM PATCH This Month

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Blocksy
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10178 MEDIUM PATCH This Month

The Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutentor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53702 MEDIUM This Month

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-10937 MEDIUM This Month

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-10716 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Infinity
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12247 MEDIUM This Month

Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54127 MEDIUM This Month

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 4.0
4.3
EPSS
0.2%
CVE-2024-11341 MEDIUM This Month

The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-10777 MEDIUM This Month

The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10933 MEDIUM PATCH This Month

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Openbsd
NVD
CVSS 4.0
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy