Skip to main content
CVE-2017-20196 MEDIUM POC This Month

A vulnerability was found in Itechscripts School Management Software 2.75. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2022-49043 HIGH PATCH This Week

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Libxml2 Red Hat +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-50946 MEDIUM This Month

IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Common Licensing
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50945 MEDIUM This Month

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Common Licensing
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-38009 MEDIUM This Month

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Apple Cognos Analytics iOS
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-0720 MEDIUM Monitor

A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Escan Anti Virus
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-31906 MEDIUM This Month

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Automation Decision Services
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-13505 MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-12334 MEDIUM PATCH This Month

The WC Affiliate - A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wc Affiliate
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-11936 HIGH This Month

The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Zox News
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-11641 HIGH PATCH This Month

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE CSRF WordPress Vikbooking Hotel Booking Engine Pms
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-46881 HIGH This Month

Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-11090 MEDIUM PATCH This Month

The Membership Plugin - Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Restrict Content
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-10705 MEDIUM PATCH This Month

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Multiple Page Generator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24858 HIGH This Month

Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2024-10636 MEDIUM This Month

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-10633 HIGH This Month

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-10628 HIGH POC This Month

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Quiz Maker
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10574 HIGH This Month

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass WordPress
NVD
CVSS 3.1
7.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy