Total 279108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-29726 1 Sportsnet 2 Sportsnet, Sportsnetcms 2024-09-06 9.8 Critical
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.
CVE-2024-43965 1 Smackcoders 1 Sendgrid 2024-09-06 8.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4.
CVE-2024-8340 2 Oretnom23, Sourcecodester 2 Electric Billing Management System, Electric Billing Management System 2024-09-06 7.3 High
A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-38402 1 Qualcomm 362 Ar8035, Ar8035 Firmware, Csra6620 and 359 more 2024-09-06 7.8 High
Memory corruption while processing IOCTL call for getting group info.
CVE-2024-8119 1 Wpextended 1 Wp Extended 2024-09-06 6.1 Medium
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-8117 1 Wpextended 1 Wp Extended 2024-09-06 6.1 Medium
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-43250 1 Bitapps 1 Bit Form 2024-09-06 7.1 High
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4.
CVE-2024-34656 1 Samsung 1 Notes 2024-09-06 7.3 High
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
CVE-2024-8181 1 Flowiseai 1 Flowise 2024-09-06 9.8 Critical
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
CVE-2024-34641 1 Samsung 1 Android 2024-09-06 5.1 Medium
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
CVE-2024-41912 1 Hp 2 Poly Clariti Manager, Poly Clariti Manager Firmware 2024-09-06 9.8 Critical
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
CVE-2024-8298 1 Huawei 2 Emui, Harmonyos 2024-09-06 6.2 Medium
Memory request vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-38321 1 Ibm 1 Business Automation Workflow 2024-09-06 5.3 Medium
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
CVE-2024-45449 1 Huawei 2 Emui, Harmonyos 2024-09-06 5.1 Medium
Access permission verification vulnerability in the ringtone setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45447 1 Huawei 2 Emui, Harmonyos 2024-09-06 4.4 Medium
Access control vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-20478 1 Cisco 1 Application Policy Infrastructure Controller 2024-09-06 6.5 Medium
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
CVE-2024-45446 1 Huawei 2 Emui, Harmonyos 2024-09-06 5.5 Medium
Access permission verification vulnerability in the camera driver module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45445 1 Huawei 2 Emui, Harmonyos 2024-09-06 4 Medium
Vulnerability of resources not being closed or released in the keystore module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45444 1 Huawei 2 Emui, Harmonyos 2024-09-06 5.5 Medium
Access permission verification vulnerability in the WMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-6792 1 Wpulike 1 Wp Ulike 2024-09-06 3.5 Low
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.