Skip to main content
CVE-2024-11396 MEDIUM POC THREAT This Month

The Event Monster - Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 57.0% and no vendor patch available.

WordPress Information Disclosure Event Monster
NVD
CVSS 3.1
5.3
EPSS
57.0%
Threat
4.3
CVE-2024-12008 MEDIUM POC PATCH THREAT This Month

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.5%.

CSRF WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
5.3
EPSS
33.5%
CVE-2024-12086 MEDIUM POC PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Openshift Container Platform Enterprise Linux Almalinux +4
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-50857 MEDIUM POC This Month

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Gestioip
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-42785 MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-42786 MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-12747 MEDIUM PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 5.6). No vendor patch available.

Privilege Escalation Race Condition
NVD VulDB
CVSS 3.1
5.6
EPSS
0.0%
CVE-2023-46715 MEDIUM This Month

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-53277 MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-47605 MEDIUM POC PATCH This Month

silverstripe-asset-admin is a silverstripe assets gallery for asset management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
4.0%
CVE-2024-50861 MEDIUM POC This Month

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Gestioip
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-50859 MEDIUM POC Monitor

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gestioip
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-45102 MEDIUM This Month

A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-10254 MEDIUM Monitor

A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-10253 MEDIUM Monitor

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-23019 MEDIUM This Month

IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipv6 Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-23018 MEDIUM This Month

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipv6 Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-55945 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-55923 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-55922 MEDIUM PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55920 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-55894 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-55893 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-55892 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect SSRF Typo3
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-23072 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-23041 MEDIUM PATCH This Month

Umbraco.Forms is a web form framework written for the nuget ecosystem. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Forms
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-56374 MEDIUM PATCH This Month

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Debian Linux Red Hat +1
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2024-48855 MEDIUM This Month

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-48854 MEDIUM This Month

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-23366 MEDIUM PATCH This Month

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hal Management Console Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-21403 MEDIUM PATCH This Month

On-Premises Data Gateway Information Disclosure Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure On Prem Data Gateway
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-21393 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-21374 MEDIUM PATCH This Month

Windows CSC Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21357 MEDIUM PATCH This Month

Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7). This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-21341 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21340 MEDIUM PATCH This Month

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21336 MEDIUM PATCH This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-21332 MEDIUM PATCH Monitor

MapUrlToZone Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21329 MEDIUM PATCH Monitor

MapUrlToZone Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21328 MEDIUM PATCH Monitor

MapUrlToZone Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21327 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21324 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21323 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21321 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21320 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21319 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21318 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21317 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21316 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21314 MEDIUM PATCH This Month

Windows SmartScreen Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy