Skip to main content
CVE-2023-47647 MEDIUM This Month

Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.7.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-46196 MEDIUM This Month

Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.97. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-46188 MEDIUM This Month

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins - Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-46628 MEDIUM This Month

Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47692 MEDIUM This Month

Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.0.41. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-46612 MEDIUM This Month

Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-45110 MEDIUM This Month

Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37478 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.233. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37467 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-37238 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts - Classifieds Plugin allows Cross Site Request Forgery.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-43927 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.0.23. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-45631 MEDIUM This Month

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-45101 MEDIUM This Month

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.36.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-55538 MEDIUM This Month

Sensitive information disclosure due to missing authentication. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Apple
NVD VulDB
CVSS 3.0
4.0
EPSS
0.1%
CVE-2024-8447 MEDIUM PATCH This Month

A security issue was discovered in the LRA Coordinator component of Narayana. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-0173 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-56199 MEDIUM POC This Month

phpMyFAQ is an open source FAQ web application. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.2
EPSS
0.2%
CVE-2024-11717 MEDIUM This Month

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-11716 MEDIUM This Month

While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
6.6%
CVE-2025-0172 MEDIUM POC This Month

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-56414 MEDIUM This Month

Web installer integrity check used weak hash algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2024-56413 MEDIUM This Month

Missing session invalidation after user deletion. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-55542 MEDIUM Monitor

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Apple Windows macOS
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2024-55541 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect Windows
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12907 MEDIUM This Month

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0171 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-56137 MEDIUM POC This Week

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Maxkb
NVD GitHub
CVSS 3.1
6.8
EPSS
3.1%
CVE-2024-13111 MEDIUM POC This Month

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-13110 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13109 MEDIUM POC This Week

A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13108 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13107 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13106 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.8%
CVE-2024-13105 MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13104 MEDIUM This Month

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13103 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210.cgi of the component Virtual Service Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13102 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13093 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.php of the component Seeker Profile Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13092 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12595 MEDIUM POC Monitor

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Ahathat
NVD WPScan
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-11357 MEDIUM POC This Month

The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goodlayers Core
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-11184 MEDIUM POC Monitor

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Enable Svg
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-56830 MEDIUM This Month

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy