Total 18193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10081 1 Ericsson 1 Codechecker 2024-11-06 10 Critical
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints apart from /Authentication are affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.
CVE-2024-48746 1 Lensvisual 1 Lensvisual 2024-11-06 9.8 Critical
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component.
CVE-2024-51115 1 Dcnglobal 1 Dcme-320 Firmware 2024-11-06 9.8 Critical
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
CVE-2024-28265 1 Ibos 1 Ibos 2024-11-06 9.1 Critical
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.
CVE-2024-50526 2 Lindeni, Mahlamusa 2 Multi Purpose Mail Form, Multi Purpose Mail Form 2024-11-06 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows uploading a web shell to a web server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.
CVE-2024-50527 2 Stacks, Stacksmarket 2 Stacks Mobile App Builder, Stacks Mobile App Builder 2024-11-06 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows uploading a web shell to a web server. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVE-2024-50529 2 Rudra Innovative Software, Rudrainnovative 2 Training Courses, Training - Courses 2024-11-06 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innovative Software Training – Courses allows uploading a web shell to a web server. This issue affects Training – Courses: from n/a through 2.0.1.
CVE-2024-50530 2 Myriad Solutionz, Myriadsolutionz 2 Stars Smtp Mailer, Stars Smtp Mailer 2024-11-06 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows uploading a web shell to a web server. This issue affects Stars SMTP Mailer: from n/a through 1.7.
CVE-2024-50531 2 Carrcommunications, Davidfcarr 2 Rsvpmaker, Rsvpmarker 2024-11-06 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows uploading a web shell to a web server. This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.
CVE-2024-50523 2 Rainbow-link, Rainbowlink 2 All Post Contact Form, All Post Contact Form 2024-11-06 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows uploading a web shell to a web server. This issue affects All Post Contact Form: from n/a through 1.7.3.
CVE-2024-7456 2 Lunary, Lunary-ai 2 Lunary, Lunary-ai/lunary 2024-11-06 9.8 Critical
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption.
CVE-2024-50525 1 Helloprint 1 Helloprint 2024-11-06 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows uploading a web shell to a web server. This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2.
CVE-2024-42773 1 Kashipara 1 Hotel Management System 2024-11-06 9.1 Critical
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.
CVE-2024-51327 1 Projectworlds 1 Travel Management System 2024-11-06 9.8 Critical
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVE-2024-9488 1 Gvectors 1 Wpdiscuz 2024-11-06 9.8 Critical
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVE-2024-41577 1 Productinfoquick 1 Productinfoquick 2024-11-05 9.8 Critical
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVE-2024-45918 1 Kirisun 1 Command And Dispatch Platform 2024-11-05 9.8 Critical
Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php.
CVE-2024-10386 1 Rockwellautomation 1 Thinmanager 2024-11-05 9.8 Critical
An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
CVE-2024-47406 2 Sharp, Toshibatec 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more 2024-11-05 9.1 Critical
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
CVE-2024-37846 2 Radix Iot, Radixiot 2 Mango Os, Mango 2024-11-05 9.8 Critical
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.