Total
18193 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10081 | 1 Ericsson | 1 Codechecker | 2024-11-06 | 10 Critical |
CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from /Authentication, are affected by the vulnerability. This issue affects CodeChecker: through 6.24.1. | ||||
CVE-2024-48746 | 1 Lensvisual | 1 Lensvisual | 2024-11-06 | 9.8 Critical |
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. | ||||
CVE-2024-51115 | 1 Dcnglobal | 1 Dcme-320 Firmware | 2024-11-06 | 9.8 Critical |
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. | ||||
CVE-2024-28265 | 1 Ibos | 1 Ibos | 2024-11-06 | 9.1 Critical |
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. | ||||
CVE-2024-50526 | 2 Lindeni, Mahlamusa | 2 Multi Purpose Mail Form, Multi Purpose Mail Form | 2024-11-06 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | ||||
CVE-2024-50527 | 2 Stacks, Stacksmarket | 2 Stacks Mobile App Builder, Stacks Mobile App Builder | 2024-11-06 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | ||||
CVE-2024-50529 | 2 Rudra Innovative Software, Rudrainnovative | 2 Training Courses, Training - Courses | 2024-11-06 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innovative Software Training – Courses allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through 2.0.1. | ||||
CVE-2024-50530 | 2 Myriad Solutionz, Myriadsolutionz | 2 Stars Smtp Mailer, Stars Smtp Mailer | 2024-11-06 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server. This issue affects Stars SMTP Mailer: from n/a through 1.7. | ||||
CVE-2024-50531 | 2 Carrcommunications, Davidfcarr | 2 Rsvpmaker, Rsvpmarker | 2024-11-06 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server. This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4. | ||||
CVE-2024-50523 | 2 Rainbow-link, Rainbowlink | 2 All Post Contact Form, All Post Contact Form | 2024-11-06 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server. This issue affects All Post Contact Form: from n/a through 1.7.3. | ||||
CVE-2024-7456 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai/lunary | 2024-11-06 | 9.8 Critical |
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption. | ||||
CVE-2024-50525 | 1 Helloprint | 1 Helloprint | 2024-11-06 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server. This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2. | ||||
CVE-2024-42773 | 1 Kashipara | 1 Hotel Management System | 2024-11-06 | 9.1 Critical |
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. | ||||
CVE-2024-51327 | 1 Projectworlds | 1 Travel Management System | 2024-11-06 | 9.8 Critical |
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. | ||||
CVE-2024-9488 | 1 Gvectors | 1 Wpdiscuz | 2024-11-06 | 9.8 Critical |
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
CVE-2024-41577 | 1 Productinfoquick | 1 Productinfoquick | 2024-11-05 | 9.8 Critical |
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | ||||
CVE-2024-45918 | 1 Kirisun | 1 Command And Dispatch Platform | 2024-11-05 | 9.8 Critical |
Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. | ||||
CVE-2024-10386 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | 9.8 Critical |
An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. | ||||
CVE-2024-47406 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-11-05 | 9.1 Critical |
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | ||||
CVE-2024-37846 | 2 Radix Iot, Radixiot | 2 Mango Os, Mango | 2024-11-05 | 9.8 Critical |
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. |