Search Results (362865 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-24558 1 Tanstack 1 React-query-next-experimental 2024-11-21 8.2 High
TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.
CVE-2024-24548 1 Estore-wss 1 Payment Ex 2024-11-21 6.5 Medium
Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX.
CVE-2024-24524 1 Flusity 1 Flusity 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.
CVE-2024-24496 1 Remyandrade 1 Daily Habit Tracker 2024-11-21 9.8 Critical
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
CVE-2024-24482 2 Apktool, Microsoft 2 Apktool, Windows 2024-11-21 9.8 Critical
Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal.
CVE-2024-24469 2 Flushcms, Flusity 2 Flushcms, Flusity 2024-11-21 8.8 High
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
CVE-2024-24396 1 Stimulsoft 2 Dashboard.js, Dashboards.js 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
CVE-2024-24328 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVE-2024-24326 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVE-2024-24320 1 Mgt-commerce 1 Cloudpanel 2024-11-21 8.8 High
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
CVE-2024-24308 1 Boostmyshop 1 Boostmyshop 2024-11-21 9.8 Critical
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.
CVE-2024-24303 1 Hipresta 1 Gift Wrapping Pro 2024-11-21 9.8 Critical
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.
CVE-2024-24260 1 Ireader 1 Media-server 2024-11-21 7.5 High
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
CVE-2024-24213 2 Postgresql, Supabase 2 Postgresql, Postgres 2024-11-21 9.8 Critical
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
CVE-2024-24202 1 Easycorp 3 Zentao, Zentao Biz, Zentao Max 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVE-2024-24149 1 Libming 1 Libming 2024-11-21 6.5 Medium
A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.
CVE-2024-24147 1 Libming 1 Libming 2024-11-21 6.5 Medium
A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.
CVE-2024-24141 1 Remyandrade 1 School Task Manager 2024-11-21 9.8 Critical
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
CVE-2024-24139 1 Remyandrade 1 Login System With Email Verification 2024-11-21 7.2 High
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.
CVE-2024-24133 1 Atmail 1 Atmail 2024-11-21 9.8 Critical
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.