Total
18242 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33969 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter. | ||||
| CVE-2024-33971 | 1 Janobe | 5 Credit Card, Debit Card Payment, Paypal and 2 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter. | ||||
| CVE-2024-33972 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter. | ||||
| CVE-2024-33973 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter. | ||||
| CVE-2024-34479 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-08-08 | 9.8 Critical |
| SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | ||||
| CVE-2024-41247 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. | ||||
| CVE-2024-7350 | 1 Reputeinfosystems | 1 Appointment Booking Calendar Plugin And Scheduling Plugin Bookingpress | 2024-08-08 | 9.8 Critical |
| The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled. | ||||
| CVE-2024-38770 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2024-08-07 | 9.8 Critical |
| Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | ||||
| CVE-2024-33974 | 1 Janobe | 3 School Attendance Monitoring System, School Attendence Monitoring System, School Event Management System | 2024-08-07 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users in '/report/printlogs.php' parameter. | ||||
| CVE-2024-38883 | 1 Horizoncloud | 1 Caterease | 2024-08-07 | 9.1 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation. | ||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2024-08-07 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2024-41961 | 1 Sapcc | 1 Elektra | 2024-08-07 | 9.2 Critical |
| Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02. | ||||
| CVE-2024-40498 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2024-08-06 | 9.8 Critical |
| SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php | ||||
| CVE-2024-6915 | 1 Jfrog | 1 Artifactory | 2024-08-06 | 9.3 Critical |
| JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. | ||||
| CVE-2024-7257 | 1 Yaycommerce | 1 Yayextra | 2024-08-05 | 9.8 Critical |
| The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-41259 | 1 Navidrome | 1 Navidrome | 2024-08-02 | 9.1 Critical |
| Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. | ||||
| CVE-2024-39619 | 2024-08-02 | 9 Critical | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | ||||
| CVE-2024-6695 | 1 Cozmoslabs | 1 Profile Builder | 2024-08-01 | 9.8 Critical |
| it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process. | ||||
| CVE-2024-41660 | 1 Openbmc-project | 1 Slpd-lite | 2024-08-01 | 9.8 Critical |
| slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository. | ||||
| CVE-2022-41852 | 1 Redhat | 1 Camel Spring Boot | 2023-11-07 | 9.8 Critical |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||