Skip to main content
CVE-2024-12353 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phone Contact Manager System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2023-47698 HIGH This Week

Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.6.4. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-54149 HIGH PATCH This Week

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Winter
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2023-49817 HIGH This Week

Missing Authorization vulnerability in heolixfy Flexible Woocommerce Checkout Field Editor flexible-woocommerce-checkout-field-editor allows Exploiting Incorrectly Configured Access Control Security. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-48286 HIGH This Week

Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.0.79. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-51355 HIGH This Week

Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.0.23. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-49856 HIGH This Week

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.6.84. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-45761 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service Openmanage Server Administrator
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-50625 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-54225 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-52586 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11608 HIGH This Week

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11454 HIGH This Week

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49600 HIGH This Week

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Dell Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-53790 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows PHP Local File Inclusion.3.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25714 HIGH This Week

Missing Authorization vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Exploiting Incorrectly Configured Access Control Security Levels.7.25. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-53949 HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 4.0
7.6
EPSS
0.7%
CVE-2023-22701 HIGH This Week

Missing Authorization vulnerability in motov.net Ebook Store ebook-store allows Exploiting Incorrectly Configured Access Control Security Levels.775. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49831 HIGH This Week

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-46547 HIGH This Week

A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-55580 HIGH This Week

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection RCE Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-49158 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-54219 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact.8.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54220 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54226 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-12357 MEDIUM This Month

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Best House Rental Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-12347 MEDIUM This Month

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical.html of the component Druid Monitoring Interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jeewms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-54147 MEDIUM This Month

Altair is a GraphQL client for all platforms. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-53814 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-55566 MEDIUM This Month

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2023-48274 MEDIUM This Month

Missing Authorization vulnerability in WcMultishipping - Mondial Relay & Chronopost for Wooommerce WCMultiShipping wc-multishipping allows Exploiting Incorrectly Configured Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32299 MEDIUM This Month

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47826 MEDIUM This Month

Missing Authorization vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54260 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54232 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RRDevs RRAddons for Elementor rrdevs-for-elementor allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54230 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54228 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54251 MEDIUM This Month

Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54224 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS.4.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49167 MEDIUM This Month

Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54247 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor abcbiz-addons allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53818 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.1.15. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows DOM-Based XSS.3.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54253 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons.4.6.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-28689 MEDIUM This Month

Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47764 MEDIUM This Month

Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.1.24. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54218 MEDIUM This Month

Missing Authorization vulnerability in thehp AIO Contact aio-contact.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25035 MEDIUM This Month

Missing Authorization vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Exploiting Incorrectly Configured Access Control Security Levels.0.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-49857 MEDIUM This Month

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-49848 MEDIUM This Month

Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy