Skip to main content
CVE-2024-13038 MEDIUM POC This Month

A vulnerability was found in CodeAstro Simple Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Loan Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-13042 MEDIUM POC This Month

A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13039 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-13037 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13029 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13032 MEDIUM POC This Month

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-13031 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS White Jotter
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-56801 MEDIUM PATCH This Month

Tasklists provides plugin tasklists for GLPI. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tasklists
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-56516 MEDIUM This Month

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-13030 MEDIUM This Month

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 823G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.9%
CVE-2024-11946 MEDIUM This Month

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Truenas Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-46542 MEDIUM This Month

Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-47918 MEDIUM This Month

Tiki Wiki CMS - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-56733 MEDIUM This Month

Password Pusher is an open source application to communicate sensitive information over the web. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass XSS Session Fixation
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-12754 MEDIUM This Month

AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Anydesk
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2024-56517 MEDIUM This Month

LGSL (Live Game Server List) provides online status lists for online video games. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-50702 MEDIUM PATCH This Month

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47923 MEDIUM This Month

Mashov - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-13036 MEDIUM This Month

A vulnerability was found in code-projects Chat System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Chat System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13035 MEDIUM This Month

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Chat System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13034 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Chat System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13033 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Chat System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13058 MEDIUM This Month

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-12993 MEDIUM This Month

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-52294 MEDIUM PATCH This Month

Khoj is a self-hostable artificial intelligence app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-50701 MEDIUM PATCH This Month

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy