Skip to main content
CVE-2024-57487 MEDIUM POC THREAT This Month

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1% and no vendor patch available.

RCE File Upload Code Injection PHP Online Car Rental System
NVD GitHub
CVSS 3.1
6.5
EPSS
45.1%
Threat
4.2
CVE-2024-54999 MEDIUM POC This Month

MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Monica
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22134 MEDIUM POC PATCH This Month

When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try. Rated medium severity (CVSS 4.2).

Heap Overflow Buffer Overflow Microsoft Bootstrap
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-42229 MEDIUM This Month

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Helpdeskadvanced
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-42248 MEDIUM This Month

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Visual Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-42250 MEDIUM This Month

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Visual Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42249 MEDIUM This Month

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Visual Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42247 MEDIUM This Month

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Visual Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42246 MEDIUM This Month

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Visual Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42245 MEDIUM This Month

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Visual Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42233 MEDIUM This Month

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Helpdeskadvanced
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42230 MEDIUM This Month

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Helpdeskadvanced
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-42243 MEDIUM This Month

In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Visual Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-42234 MEDIUM This Month

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Helpdeskadvanced
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-22800 MEDIUM This Month

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56323 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-56138 MEDIUM PATCH Monitor

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22619 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.4%
CVE-2025-22618 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22617 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.4%
CVE-2025-22616 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22615 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.3%
CVE-2025-22614 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-22613 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-22138 MEDIUM This Month

@codidact/qpixel is a Q&A-based community knowledge-sharing software. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian
NVD GitHub
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-23027 MEDIUM This Month

next-forge is a Next.js project boilerplate for modern web application. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-23026 MEDIUM PATCH This Month

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-22142 MEDIUM POC This Month

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nameless
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-46921 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-44771 MEDIUM This Month

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-46920 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9820 Firmware Exynos 9825 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-6352 MEDIUM Monitor

A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-57488 MEDIUM This Month

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Car Rental System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-48883 MEDIUM Monitor

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos Modem 5123 Firmware Exynos Modem 5300 Firmware Exynos 9820 Firmware +16
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-46919 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9820 Firmware Exynos 9825 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-12211 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-22828 MEDIUM Monitor

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4% and no vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.1
4.3
EPSS
18.4%
CVE-2024-52937 MEDIUM This Month

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-52936 MEDIUM Monitor

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-52935 MEDIUM Monitor

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-12568 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12567 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12566 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-11636 MEDIUM POC Monitor

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0410 MEDIUM POC This Month

A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0409 MEDIUM POC This Month

A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0408 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0407 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0406 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0405 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy