Skip to main content
CVE-2024-12662 MEDIUM POC This Month

A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12661 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-12660 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12659 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12658 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic.sys of the component IOCTL Handler. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12657 MEDIUM POC This Month

A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-12656 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12655 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12654 MEDIUM POC This Month

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12653 MEDIUM POC This Month

A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-55452 MEDIUM POC This Month

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ujcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11841 MEDIUM POC This Month

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tithe Ly Giving Button
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35230 MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-12665 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12664 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5333 MEDIUM POC This Month

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure The Events Calendar
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-8650 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8116 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12666 MEDIUM POC This Month

A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Classcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-55451 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ujcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-55100 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-54348 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56011 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov Responsive Google Maps | by imbaa responsive-google-maps allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56001 MEDIUM This Month

Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56005 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.10.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54354 MEDIUM This Month

Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.99.47. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54408 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54443 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Advanced Data Table For Elementor advanced-data-table-for-elementor allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54441 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time utech-world-time-for-wp allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54360 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee gutensee allows DOM-Based XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-54083 MEDIUM PATCH This Month

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-12645 MEDIUM This Month

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8798 MEDIUM PATCH This Month

No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12443 MEDIUM This Month

The CRM Perks - WordPress HelpDesk Integration - Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12667 MEDIUM This Month

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Invoiceplane
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.5%
CVE-2024-12663 MEDIUM This Month

A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-55996 MEDIUM This Month

Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-56112 MEDIUM PATCH This Month

CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Cyberpanel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-54442 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cortesfrau Better WP Login Page better-wp-login-page allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-56087 MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-56085 MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-11358 MEDIUM This Month

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Google Mattermost Mobile
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-55998 MEDIUM This Month

Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.io): from n/a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56004 MEDIUM This Month

Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55992 MEDIUM This Month

Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers woocommerce-basic-ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.4.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54430 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Cross Site Request Forgery.8.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54419 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54418 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54356 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-55554 MEDIUM This Month

Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy