Total 262521 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-26581 1 Idattend 1 Idweb 2024-09-10 9.8 Critical
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27261 1 Idattend 1 Idweb 2024-09-10 5.3 Medium
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
CVE-2023-27262 1 Idattend 1 Idweb 2024-09-10 9.8 Critical
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2024-6932 1 Classcms Project 1 Classcms 2024-09-10 3.5 Low
A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987.
CVE-2024-6934 1 Formtools 1 Form Tools 2024-09-10 2.4 Low
A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8655 2024-09-10 5.3 Medium
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8504 2024-09-10 N/A
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
CVE-2024-8232 2024-09-10 7.5 High
SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.
CVE-2024-43040 2024-09-10 N/A
Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.
CVE-2024-6935 1 Formtools 1 Form Tools 2024-09-10 2.4 Low
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-37980 1 Microsoft 1 Sql Server 2024-09-10 8.8 High
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-38194 1 Microsoft 1 Azure Web Apps 2024-09-10 8.4 High
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
CVE-2024-43495 1 Microsoft 3 Windows 11 22h2, Windows 11 23h2, Windows Server 23h2 2024-09-10 7.3 High
Windows libarchive Remote Code Execution Vulnerability
CVE-2024-43487 1 Microsoft 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more 2024-09-10 6.5 Medium
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-30073 1 Microsoft 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more 2024-09-10 7.8 High
Windows Security Zone Mapping Security Feature Bypass Vulnerability
CVE-2024-43479 1 Microsoft 1 Power Automate For Desktop 2024-09-10 8.5 High
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
CVE-2024-43476 1 Microsoft 1 Dynamics 365 2024-09-10 7.6 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-43475 1 Microsoft 1 Windows Server 2008 Sp2 2024-09-10 7.3 High
Microsoft Windows Admin Center Information Disclosure Vulnerability
CVE-2024-43470 1 Microsoft 1 Azure Network Watcher Agent For Windows 2024-09-10 7.3 High
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-43469 1 Microsoft 1 Azure Cyclecloud 2024-09-10 8.8 High
Azure CycleCloud Remote Code Execution Vulnerability