Total 18194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-41370 2 Causefx, Organizr 2 Organizr, Organizr 2024-09-04 9.8 Critical
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
CVE-2024-44921 1 Seacms 1 Seacms 2024-09-04 9.8 Critical
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
CVE-2024-44809 1 Recantha 1 Pi Camera Project 2024-09-04 9.8 Critical
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
CVE-2024-43941 1 Propovoice 2 Propovoice, Propovoice Pro 2024-09-04 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection. This issue affects Propovoice Pro: from n/a through 1.7.0.3.
CVE-2024-43773 2 Easytest, Huaju 2 Easytest Online Test Platform, Easytest Online Learning Test Platform 2024-09-04 9.8 Critical
SQL Injection in the download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter.
CVE-2024-43772 2 Easytest, Huaju 2 Easytest Online Test Platform, Easytest Online Learning Test Platform 2024-09-04 9.8 Critical
SQL Injection in the download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.
CVE-2024-42978 1 Tenda 2 Fh1206, Fh1206 Firmware 2024-09-03 9.8 Critical
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42568 1 Arajajyothibabu 1 School Management System 2024-09-03 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
CVE-2024-45435 2 Chartist, Chartistjs 2 Chartist, Chartist 2024-09-03 9.8 Critical
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
CVE-2024-45622 1 Asis 1 Asis 2024-09-03 9.8 Critical
ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
CVE-2024-45623 1 D-link 1 Dap-2310 Firmware 2024-09-03 9.8 Critical
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-8016 1 Theeventscalendar 1 Events Calendar Pro 2024-09-03 9.1 Critical
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely. In certain configurations, this can be exploitable by lower level users. We confirmed that this plugin installed with Elementor makes it possible for users with contributor-level access and above to exploit this issue.
CVE-2024-45488 1 Safeguard 1 Privileged Passwords 2024-08-30 9.8 Critical
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or Hyper-V). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.
CVE-2024-3673 1 Salephpscripts 1 Web Directory Free 2024-08-30 9.1 Critical
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
CVE-2024-6118 1 Hamastar 1 Meetinghub Paperless Meetings 2024-08-30 9.1 Critical
A Plaintext Storage of a Password vulnerability in the ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain other users' credentials and gain access to the product via an XML file.
CVE-2024-38795 1 Cridio 1 Listingpro 2024-08-30 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.
CVE-2024-39622 1 Cridio 1 Listingpro 2024-08-30 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro. This issue affects ListingPro: from n/a through 2.9.4.
CVE-2024-43955 1 Themeum 1 Droip 2024-08-30 10 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1.
CVE-2024-44070 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2024-08-30 9.8 Critical
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-45436 1 Ollama 1 Ollama 2024-08-30 9.1 Critical
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.