Skip to main content
CVE-2024-54994 MEDIUM POC This Month

MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54997 MEDIUM POC This Month

MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Monica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54998 MEDIUM POC This Month

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-12473 MEDIUM This Month

The AI Scribe - SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-12606 MEDIUM This Month

The AI Scribe - SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-23112 MEDIUM This Month

An issue was discovered in REDCap 14.9.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-23111 MEDIUM Monitor

An issue was discovered in REDCap 14.9.6. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-23110 MEDIUM This Month

An issue was discovered in REDCap 14.9.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-9133 MEDIUM This Month

A user with administrator privileges is able to retrieve authentication tokens. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ng Firewall
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-7142 MEDIUM Monitor

On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-47518 MEDIUM POC This Month

Specially constructed queries targeting ETM could discover active remote access sessions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Ng Firewall
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-47517 MEDIUM POC This Week

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ng Firewall
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-7095 MEDIUM Monitor

On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5872 MEDIUM This Month

On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-6437 MEDIUM This Month

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy --. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2024-33299 MEDIUM POC Monitor

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microweber
NVD GitHub
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-33298 MEDIUM POC This Month

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-33297 MEDIUM POC Monitor

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microweber
NVD GitHub
CVSS 3.1
4.7
EPSS
1.0%
CVE-2025-23079 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-54910 MEDIUM Monitor

Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2025-23078 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6880 MEDIUM This Month

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-57222 MEDIUM POC This Month

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2024-54687 MEDIUM POC This Month

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vtiger Crm
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57214 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-57213 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-57212 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.7%
CVE-2024-54849 MEDIUM POC This Month

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cp Vnr 3104 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-54847 MEDIUM POC This Month

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cp Vnr 3104 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-54846 MEDIUM POC This Month

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cp Vnr 3104 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-22600 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22599 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22596 MEDIUM POC This Month

WeGIA is a web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2024-50807 MEDIUM This Month

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-23022 MEDIUM POC PATCH Monitor

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Freetype Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-57822 MEDIUM POC PATCH Monitor

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Raptor Rdf Syntax Library Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-13318 MEDIUM This Month

The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Essential Wp Real Estate
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13183 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0311 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy