Search Results (364122 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38860 1 Checkmk 1 Checkmk 2024-12-11 6.1 Medium
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
CVE-2024-12354 2 Razormist, Sourcecodester 2 Phone Contact Manager System, Phone Shop Sales Managements System Using Php With Source Code 2024-12-10 5.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2024-12357 2 Mayurik, Sourcecodester 2 Best House Rental Management System, Best House Rental Management System 2024-12-10 4.3 Medium
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12358 2 Datax-web Project, Weiye-jing 2 Datax-web, Datax-web 2024-12-10 6.3 Medium
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12359 1 Code-projects 1 Admin Dashboard 2024-12-10 3.5 Low
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
CVE-2024-12360 2 Code-projects, Online Class And Exam Scheduling System Project 2 Online Class And Exam Scheduling System, Online Class And Exam Scheduling System 2024-12-10 6.3 Medium
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12352 1 Totolink 2 Ex1800t, Ex1800t Firmware 2024-12-10 4.3 Medium
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12344 1 Tp-link 2 Vn020 F3v, Vn020 F3v Firmware 2024-12-10 6.3 Medium
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12343 1 Tp-link 2 Vn020 F3v, Vn020 F3v Firmware 2024-12-10 6.5 Medium
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
CVE-2024-12234 1 1000projects 1 Beauty Parlour Management System 2024-12-10 7.3 High
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-2059 1 Mayurik 1 Petrol Pump Management 2024-12-10 4.7 Medium
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.
CVE-2024-2058 1 Mayurik 1 Petrol Pump Management 2024-12-10 4.7 Medium
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.
CVE-2024-12002 1 Tenda 8 Fh1201, Fh1201 Firmware, Fh1202 and 5 more 2024-12-10 4.3 Medium
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12230 1 Phpgurukul 1 Complaint Management System 2024-12-10 7.3 High
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12229 1 Phpgurukul 1 Complaint Management System 2024-12-10 7.3 High
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12228 1 Phpgurukul 1 Complaint Management System 2024-12-10 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12188 1 1000projects 1 Library Management System 2024-12-10 7.3 High
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12001 2 Anisha, Codeprojects 2 Wazifa System, Wazifa System 2024-12-10 3.5 Low
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-12000 2 Code-projects, Codeprojects 2 Blood Bank System, Blood Bank System 2024-12-10 3.5 Low
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-25149 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-12-10 5.4 Medium
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.