Total
262233 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8562 | 2024-09-07 | 3.5 Low | ||
A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument first_name/middle_name/last_name leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8561 | 2024-09-07 | 6.3 Medium | ||
A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to SQL injection. The attack can be launched remotely. | ||||
CVE-2024-8560 | 2024-09-07 | 6.3 Medium | ||
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8559 | 2024-09-07 | 4.7 Medium | ||
A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-42024 | 2024-09-07 | N/A | ||
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | ||||
CVE-2024-42023 | 2024-09-07 | N/A | ||
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | ||||
CVE-2024-42022 | 2024-09-07 | N/A | ||
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | ||||
CVE-2024-42021 | 2024-09-07 | N/A | ||
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | ||||
CVE-2024-42020 | 2024-09-07 | N/A | ||
A cross-site scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. | ||||
CVE-2024-42019 | 2024-09-07 | N/A | ||
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. | ||||
CVE-2024-40718 | 2024-09-07 | N/A | ||
A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. | ||||
CVE-2024-40714 | 2024-09-07 | N/A | ||
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | ||||
CVE-2024-40713 | 2024-09-07 | N/A | ||
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | ||||
CVE-2024-40712 | 2024-09-07 | N/A | ||
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | ||||
CVE-2024-40711 | 2024-09-07 | N/A | ||
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
CVE-2024-40710 | 2024-09-07 | N/A | ||
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | ||||
CVE-2024-40709 | 2024-09-07 | N/A | ||
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. | ||||
CVE-2024-39718 | 2024-09-07 | N/A | ||
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. | ||||
CVE-2024-39715 | 2024-09-07 | N/A | ||
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. | ||||
CVE-2024-39714 | 2024-09-07 | N/A | ||
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. |