Skip to main content
CVE-2024-56960 MEDIUM This Month

An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56959 MEDIUM This Month

An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56957 MEDIUM This Month

An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microsoft Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56955 MEDIUM This Month

An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56954 MEDIUM This Month

An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56953 MEDIUM This Month

An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56952 MEDIUM This Month

An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56951 MEDIUM This Month

An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56950 MEDIUM This Month

An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56949 MEDIUM This Month

An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56948 MEDIUM This Month

An issue in KuGou Technology CO. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56947 MEDIUM This Month

An issue in Xiamen Meitu Technology Co., Ltd. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple iOS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24368 MEDIUM POC PATCH This Week

Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Cacti Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-24356 MEDIUM PATCH This Month

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fastd
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-23197 MEDIUM This Month

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab Atlassian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-26317 MEDIUM This Month

In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0730 MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sg108E Firmware
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.5%
CVE-2025-0729 MEDIUM This Month

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-57272 MEDIUM This Month

SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-54145 MEDIUM POC PATCH This Month

Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Cacti Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-27256 MEDIUM This Month

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-45598 MEDIUM POC PATCH This Month

Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cacti Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-38325 MEDIUM This Month

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-38320 MEDIUM This Month

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure VMware Storage Protect For Virtual Environments Storage Protect
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-37527 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Openpages With Watson
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22316 MEDIUM Monitor

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11348 MEDIUM This Month

Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-55931 MEDIUM This Month

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workplace Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-0696 MEDIUM This Month

A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0695 MEDIUM This Month

An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-12345 MEDIUM POC This Month

A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB GitHub
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-24814 MEDIUM PATCH This Month

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Solr Red Hat
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-52012 MEDIUM PATCH This Month

Relative Path Traversal vulnerability in Apache Solr. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Microsoft Apache Path Traversal Solr Windows
NVD
CVSS 3.1
5.4
EPSS
13.5%
CVE-2025-24390 MEDIUM This Month

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24389 MEDIUM This Month

Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Suse
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-43445 MEDIUM This Month

A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13117 MEDIUM POC This Week

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Share Buttons
NVD WPScan
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-13095 MEDIUM POC Monitor

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Triggers Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12774 MEDIUM POC This Week

The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Altra Side Menu
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-12436 MEDIUM POC Monitor

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Customer Area
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12280 MEDIUM POC Monitor

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Customer Area
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-28771 MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator Security Verify Directory Integrator
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-28770 MEDIUM Monitor

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Directory Integrator Security Verify Directory Integrator
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-0722 MEDIUM POC This Month

A vulnerability classified as critical was found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Image Gallery Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0721 MEDIUM POC This Month

A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Image Gallery Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy