Total: 279108 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29726 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-09-06 | 9.8 Critical |
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id. | ||||
CVE-2024-43965 | 1 Smackcoders | 1 Sendgrid | 2024-09-06 | 8.2 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4. | ||||
CVE-2024-8340 | 2 Oretnom23, Sourcecodester | 2 Electric Billing Management System, Electric Billing Management System | 2024-09-06 | 7.3 High |
A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-38402 | 1 Qualcomm | 362 Ar8035, Ar8035 Firmware, Csra6620 and 359 more | 2024-09-06 | 7.8 High |
Memory corruption while processing IOCTL call for getting group info. | ||||
CVE-2024-8119 | 1 Wpextended | 1 Wp Extended | 2024-09-06 | 6.1 Medium |
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-8117 | 1 Wpextended | 1 Wp Extended | 2024-09-06 | 6.1 Medium |
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-43250 | 1 Bitapps | 1 Bit Form | 2024-09-06 | 7.1 High |
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
CVE-2024-34656 | 1 Samsung | 1 Notes | 2024-09-06 | 7.3 High |
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
CVE-2024-8181 | 1 Flowiseai | 1 Flowise | 2024-09-06 | 9.8 Critical |
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. | ||||
CVE-2024-34641 | 1 Samsung | 1 Android | 2024-09-06 | 5.1 Medium |
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. | ||||
CVE-2024-41912 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-09-06 | 9.8 Critical |
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. | ||||
CVE-2024-8298 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 6.2 Medium |
Memory request vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | 5.3 Medium |
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | ||||
CVE-2024-45449 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.1 Medium |
Access permission verification vulnerability in the ringtone setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-45447 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4.4 Medium |
Access control vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-20478 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-09-06 | 6.5 Medium |
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller. | ||||
CVE-2024-45446 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
Access permission verification vulnerability in the camera driver module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-45445 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4 Medium |
Vulnerability of resources not being closed or released in the keystore module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-45444 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
Access permission verification vulnerability in the WMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-6792 | 1 Wpulike | 1 Wp Ulike | 2024-09-06 | 3.5 Low |
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. |