Skip to main content
CVE-2024-54764 MEDIUM POC This Month

An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
6.0%
CVE-2024-54763 MEDIUM POC This Month

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2024-51112 MEDIUM POC This Month

Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect XSS Pnetlab
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6604 MEDIUM POC PATCH This Month

A flaw was found in FFmpeg. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ffmpeg Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6601 MEDIUM POC PATCH This Month

A flaw was found in FFmpeg's HLS demuxer. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ffmpeg Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-51111 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnetlab
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2025-21616 MEDIUM POC This Month

Plane is an open-source project management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Plane
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-53936 MEDIUM This Month

The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-53935 MEDIUM This Month

The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53933 MEDIUM This Month

The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-51741 MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-55075 MEDIUM POC Monitor

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grocy
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21617 MEDIUM PATCH This Month

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-55408 MEDIUM This Month

An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-46209 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35498 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-55627 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow Suricata Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-46073 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-21615 MEDIUM This Month

AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56769 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56768 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56767 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56763 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56761 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56760 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56758 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56757 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Mediatek Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-47475 MEDIUM This Month

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-21604 MEDIUM This Month

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Langchain AI / ML
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-31914 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-31913 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45559 MEDIUM This Month

Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +19
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43063 MEDIUM This Month

information disclosure while invoking the mailbox read API. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8650p Firmware +14
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-33067 MEDIUM PATCH This Month

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware C V2x 9150 Firmware Csrb31024 Firmware +73
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-33061 MEDIUM PATCH This Month

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Qcs8550 Firmware Sw5100 Firmware Sw5100p Firmware +6
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-33059 MEDIUM PATCH This Month

Memory corruption while processing frame command IOCTL calls. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Fastconnect 6900 Firmware Fastconnect 7800 Firmware +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33055 MEDIUM PATCH This Month

Memory corruption while invoking IOCTL calls to unmap the DMA buffers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Fastconnect 6900 Firmware Fastconnect 7800 Firmware +36
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33041 MEDIUM PATCH This Month

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8295p Firmware +31
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-23366 MEDIUM This Month

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8650p Firmware +14
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-12311 MEDIUM POC This Week

The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12302 MEDIUM POC This Month

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Engage
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11849 MEDIUM POC This Month

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11356 MEDIUM POC This Month

The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tour Master
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-20152 MEDIUM Monitor

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt +1
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-20151 MEDIUM This Month

In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Nr16 Nr17
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20145 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20144 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20143 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20140 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-20105 MEDIUM This Month

In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy