Skip to main content
CVE-2024-11716 MEDIUM This Month

While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
6.6%
CVE-2025-0172 MEDIUM POC This Month

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-9950 HIGH This Month

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Secureconnector Windows
NVD
CVSS 4.0
8.5
EPSS
1.8%
CVE-2024-56414 MEDIUM This Month

Web installer integrity check used weak hash algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2024-56413 MEDIUM This Month

Missing session invalidation after user deletion. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-55543 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-55542 MEDIUM Monitor

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Apple Windows macOS
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2024-55541 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect Windows
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-55540 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-12907 MEDIUM This Month

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0171 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-56137 MEDIUM POC This Week

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Maxkb
NVD GitHub
CVSS 3.1
6.8
EPSS
3.1%
CVE-2024-13111 MEDIUM POC This Month

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-13110 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13109 MEDIUM POC This Week

A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13108 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13107 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13106 MEDIUM This Month

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.8%
CVE-2024-13105 MEDIUM This Month

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13104 MEDIUM This Month

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13103 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210.cgi of the component Virtual Service Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13102 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13062 HIGH This Month

An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-13093 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.php of the component Seeker Profile Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13092 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12912 HIGH This Month

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-12595 MEDIUM POC Monitor

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Ahathat
NVD WPScan
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-11357 MEDIUM POC This Month

The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goodlayers Core
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-11184 MEDIUM POC Monitor

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Enable Svg
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-56830 MEDIUM This Month

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56829 CRITICAL This Week

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy