Skip to main content
CVE-2024-12792 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12791 MEDIUM POC This Month

A vulnerability was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12788 MEDIUM POC This Month

A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Technical Discussion Forum
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-55603 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Docker Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-53991 MEDIUM POC THREAT This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Nginx Discourse
NVD GitHub
CVSS 3.1
5.9
EPSS
25.4%
CVE-2024-12794 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12790 MEDIUM POC This Month

A vulnerability was found in code-projects Hostel Management Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hostel Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12785 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12784 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12783 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12787 MEDIUM This Month

A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12782 MEDIUM This Month

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-37962 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7139 MEDIUM This Month

Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7138 MEDIUM This Month

An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7137 MEDIUM This Month

The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45818 MEDIUM PATCH This Month

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-12560 MEDIUM PATCH This Month

The Button Block - Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Button Block
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-10548 MEDIUM PATCH This Month

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Wp Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52897 MEDIUM This Month

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-52896 MEDIUM This Month

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-52794 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-47093 MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nagvis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-12798 MEDIUM PATCH This Month

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-11616 MEDIUM This Month

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. Rated medium severity (CVSS 5.6). No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.3%
CVE-2024-45819 MEDIUM PATCH This Month

PVH guests have their ACPI tables constructed by the toolstack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-49336 MEDIUM This Month

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-12121 MEDIUM This Month

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-51471 MEDIUM This Month

IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Buffer Overflow Information Disclosure Mq Appliance
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12793 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12789 MEDIUM This Month

A vulnerability was found in PbootCMS up to 3.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11768 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Download Manager
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12569 MEDIUM This Month

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2024-9102 MEDIUM This Month

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
5.0
EPSS
0.4%
CVE-2024-38864 MEDIUM This Month

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkmk
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-2201 MEDIUM This Month

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Intel Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
8.6%
CVE-2024-12331 MEDIUM This Month

The File Manager Pro - Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Filester
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-54009 MEDIUM This Month

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. Rated medium severity (CVSS 4.0). No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy