Skip to main content
CVE-2024-56323 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-56138 MEDIUM PATCH Monitor

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-51491 LOW POC PATCH Monitor

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Red Hat Denial Of Service Notation Go
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-11128 HIGH This Month

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Virus Scanner macOS
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-22619 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.4%
CVE-2025-22618 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22617 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.4%
CVE-2025-22616 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22615 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.3%
CVE-2025-22614 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22613 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22138 MEDIUM This Month

@codidact/qpixel is a Q&A-based community knowledge-sharing software. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian
NVD GitHub
CVSS 4.0
5.1
EPSS
0.3%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-23027 MEDIUM This Month

next-forge is a Next.js project boilerplate for modern web application. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-23026 MEDIUM PATCH This Month

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-22144 CRITICAL POC Act Now

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Nameless
NVD GitHub
CVSS 4.0
9.0
EPSS
0.4%
CVE-2025-22142 MEDIUM POC This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nameless
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-46481 HIGH This Month

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS Supravizio Bpm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-46480 HIGH This Month

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Supravizio Bpm
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-46921 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-44771 MEDIUM This Month

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5743 CRITICAL This Week

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code.1.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-46920 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9820 Firmware Exynos 9825 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-46479 CRITICAL This Week

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Supravizio Bpm
NVD GitHub
CVSS 3.1
9.9
EPSS
4.5%
CVE-2024-6352 MEDIUM Monitor

A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-57488 MEDIUM This Month

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Car Rental System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-48883 MEDIUM Monitor

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos Modem 5123 Firmware Exynos Modem 5300 Firmware Exynos 9820 Firmware +16
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-46919 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9820 Firmware Exynos 9825 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-12211 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-22963 HIGH This Month

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Teedy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-52333 HIGH POC PATCH This Week

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dcmtk Suse
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-47796 HIGH POC PATCH This Week

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dcmtk Suse
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-22828 MEDIUM Monitor

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4% and no vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.1
4.3
EPSS
18.4%
CVE-2024-52938 HIGH This Month

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-52937 MEDIUM This Month

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-52936 MEDIUM Monitor

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-52935 MEDIUM Monitor

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-47897 HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47895 HIGH This Month

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-47894 HIGH This Month

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-12568 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12567 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12566 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12274 HIGH POC This Month

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Appointment Booking Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-11636 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0412 HIGH This Month

Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Keyshot
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2025-0410 MEDIUM POC This Month

A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0409 MEDIUM POC This Month

A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy