Skip to main content
CVE-2024-50967 MEDIUM POC THREAT This Month

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.9% and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
37.9%
CVE-2017-13322 CRITICAL PATCH Act Now

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Android Google
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2018-9375 HIGH This Week

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9382 HIGH This Week

In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-9434 HIGH PATCH This Week

In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-57370 MEDIUM This Month

Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2018-9447 MEDIUM PATCH This Month

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2018-9379 MEDIUM PATCH This Month

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-12637 MEDIUM This Month

The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2018-9383 MEDIUM This Month

In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2018-9384 MEDIUM PATCH This Month

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-50738 MEDIUM This Month

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-23208 HIGH POC PATCH This Month

zot is a production-ready vendor-neutral OCI image registry. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Zot Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-23207 MEDIUM PATCH This Month

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Katex Red Hat
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-0541 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-23206 LOW PATCH Monitor

The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Rated low severity (CVSS 1.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jwt Attack Aws Cloud Development Kit
NVD GitHub
CVSS 4.0
1.8
EPSS
0.1%
CVE-2025-23205 MEDIUM PATCH This Month

nbgrader is a system for assigning and grading notebooks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-23202 CRITICAL This Week

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-23039 MEDIUM This Month

Caido is a web security auditing toolkit. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.2
EPSS
0.1%
CVE-2025-21606 HIGH This Month

stats is a macOS system monitor in for the menu bar. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Apple macOS
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-0540 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0538 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tourism Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-57252 MEDIUM Monitor

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Otcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-57035 CRITICAL POC Act Now

WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-57033 MEDIUM POC This Month

WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-21399 HIGH POC This Month

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Google Edge Update Chrome
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2025-21185 MEDIUM This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Google Edge Chromium Chrome
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-0537 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Car Rental System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0536 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System Tenda
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-57372 MEDIUM This Month

Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57369 MEDIUM This Month

Clickjacking vulnerability in typecho v1.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typecho
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-57034 CRITICAL POC Act Now

WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-57032 CRITICAL POC Act Now

WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-57031 CRITICAL POC Act Now

WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-57030 HIGH POC This Week

Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-52870 HIGH This Month

Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13026 MEDIUM This Month

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-0535 MEDIUM POC This Month

A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0534 MEDIUM POC This Week

A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Campaign Management System Platform For Women
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0533 MEDIUM POC This Week

A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Campaign Management System Platform For Women
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0532 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0430 HIGH This Month

Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-12757 HIGH This Month

Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-54681 LOW Monitor

Multiple bash files were present in the application's private directory. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2024-53683 MEDIUM This Month

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2024-45832 LOW Monitor

Hard-coded credentials were included as part of the application binary. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2024-26157 MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-26156 MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-26155 MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Access Server Firmware
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2024-26154 MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
4.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy