Skip to main content
CVE-2023-50309 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10539 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-42718 MEDIUM This Month

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-32340 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-0693 MEDIUM This Month

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57556 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Store
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-57386 MEDIUM POC This Month

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Wallos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-57329 MEDIUM POC This Month

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hortusfox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57326 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Delivery System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-50665 MEDIUM POC This Month

gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24353 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Directus
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2025-23227 MEDIUM This Month

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-55930 MEDIUM This Month

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Workplace Suite
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-55929 MEDIUM This Month

A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workplace Suite
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-55928 MEDIUM This Month

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workplace Suite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45672 MEDIUM This Month

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Bridge
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-52327 MEDIUM POC This Month

The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Home
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-12079 MEDIUM POC Monitor

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot 900 Firmware Deebot N8 Firmware Deebot T8 Firmware Deebot N9 Firmware +10
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2024-12078 MEDIUM POC This Month

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot N10 Firmware Deebot T10 Firmware Deebot X1 Firmware Deebot T20 Firmware +10
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-52325 MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goat G1 2000 Firmware Goat G1 Firmware Goat G1 800 Firmware Gx 600 Firmware +8
NVD
CVSS 4.0
5.8
EPSS
0.6%
CVE-2024-10846 MEDIUM PATCH This Month

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-57947 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13422 MEDIUM PATCH This Month

The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seo Blogger To Wordpress 301 Redirector
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-13389 MEDIUM PATCH This Month

The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Cliptakes
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13340 MEDIUM PATCH This Month

The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Meta Data And Taxonomies Filter
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13236 MEDIUM PATCH This Month

The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Tainacan
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12504 MEDIUM PATCH This Month

The Broadcast Live Video - Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Videowhisper Live Streaming Integration
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12118 MEDIUM PATCH This Month

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Events Calendar
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0648 MEDIUM This Month

Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-0635 MEDIUM This Month

Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-0619 MEDIUM Monitor

Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M Files Server
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-43708 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12043 MEDIUM PATCH This Month

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Prime Slider
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13511 MEDIUM PATCH Monitor

The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Authentication Bypass CSRF WordPress Variation Swatches For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-53299 MEDIUM PATCH This Month

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Wicket
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-52972 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24530 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin 5.x before 5.2.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suse
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-24529 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin 5.x before 5.2.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suse
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-43710 MEDIUM PATCH Monitor

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-42187 MEDIUM This Month

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-57724 MEDIUM POC This Week

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57723 MEDIUM POC This Week

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57721 MEDIUM POC This Week

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57720 MEDIUM POC This Week

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-57719 MEDIUM POC This Week

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy