Skip to main content
CVE-2024-56311 HIGH POC This Week

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Redcap
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-56310 HIGH POC This Week

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Redcap
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-56314 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-56313 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-56312 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-12892 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Exam Mastering System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12891 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Exam Mastering System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12890 MEDIUM POC This Month

A vulnerability was found in code-projects Online Exam Mastering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Exam Mastering System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12893 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Educar
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-56375 HIGH This Week

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fort Validator
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-12896 MEDIUM This Month

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-12895 MEDIUM PATCH This Month

A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Treasurehunt
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12894 MEDIUM PATCH This Month

A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Treasurehunt
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11852 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Element Pack
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy