Total
18197 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | 9.8 Critical |
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | ||||
CVE-2024-42885 | 1 Esafenet | 1 Cdg | 2024-09-05 | 9.1 Critical |
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. | ||||
CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2024-09-05 | 9.8 Critical |
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | ||||
CVE-2024-45265 | 2 Skyss, Skysystem | 2 Arfa-cms, Arfa Cms | 2024-09-05 | 9.8 Critical |
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | ||||
CVE-2024-8289 | 1 Multivendorx | 1 Multivendorx | 2024-09-05 | 9.8 Critical |
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role. | ||||
CVE-2024-42458 | 1 Any1 | 1 Neatvnc | 2024-09-05 | 9.8 Critical |
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | ||||
CVE-2024-7076 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2024-09-05 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024. | ||||
CVE-2024-7078 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2024-09-05 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024. | ||||
CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | 9.1 Critical |
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | ||||
CVE-2024-44808 | 1 Vypor | 1 Attack Api System | 2024-09-05 | 9.8 Critical |
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. | ||||
CVE-2024-43360 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | 9.8 Critical |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. | ||||
CVE-2024-45509 | 1 Misp | 1 Misp | 2024-09-04 | 9.8 Critical |
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | ||||
CVE-2024-45508 | 2 Htmldoc, Htmldoc Project | 2 Htmldoc, Htmldoc | 2024-09-04 | 9.8 Critical |
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. | ||||
CVE-2024-41364 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php | ||||
CVE-2024-41366 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php | ||||
CVE-2024-41367 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php | ||||
CVE-2024-41368 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php |