Total 18197 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8466 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
CVE-2024-8465 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
CVE-2024-8464 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
CVE-2024-41444 1 Seacms 1 Seacms 2024-09-05 9.8 Critical
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
CVE-2024-42885 1 Esafenet 1 Cdg 2024-09-05 9.1 Critical
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
CVE-2024-42913 1 Ruoyi 1 Ruoyi 2024-09-05 9.8 Critical
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
CVE-2024-45265 2 Skyss, Skysystem 2 Arfa-cms, Arfa Cms 2024-09-05 9.8 Critical
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.
CVE-2024-8289 1 Multivendorx 1 Multivendorx 2024-09-05 9.8 Critical
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role.
CVE-2024-42458 1 Any1 1 Neatvnc 2024-09-05 9.8 Critical
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
CVE-2024-7076 2 Semtek, Semtekyazilim 2 Sempos, Semtek Sempos 2024-09-05 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024.
CVE-2024-7078 2 Semtek, Semtekyazilim 2 Sempos, Semtek Sempos 2024-09-05 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024.
CVE-2024-45522 1 Linen 1 Linen 2024-09-05 9.1 Critical
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
CVE-2024-44808 1 Vypor 1 Attack Api System 2024-09-05 9.8 Critical
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.
CVE-2024-43360 1 Zoneminder 1 Zoneminder 2024-09-04 9.8 Critical
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
CVE-2024-45509 1 Misp 1 Misp 2024-09-04 9.8 Critical
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
CVE-2024-45508 2 Htmldoc, Htmldoc Project 2 Htmldoc, Htmldoc 2024-09-04 9.8 Critical
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
CVE-2024-41364 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
CVE-2024-41366 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
CVE-2024-41367 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
CVE-2024-41368 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php