Total: 276628 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38699 | 1 Wpswings | 1 Wallet System For Woocommerce | 2024-08-13 | 7.5 High |
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | ||||
CVE-2024-37935 | 1 Anhvnit | 1 Woocommerce Openpos | 2024-08-13 | 7.5 High |
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | ||||
CVE-2024-43160 | 1 Berqier | 1 Berqwp | 2024-08-13 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection. This issue affects BerqWP: from n/a through 1.7.6. | ||||
CVE-2024-38749 | 1 Olivethemes | 1 Olive One Click Demo Import | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2. | ||||
CVE-2024-38760 | 1 Sumanbhattarai | 1 Send Users Email | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Send Users Email: from n/a through 1.5.1. | ||||
CVE-2024-43121 | 1 Realmag777 | 1 Husky | 2024-08-13 | 9.1 Critical |
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1. | ||||
CVE-2024-41913 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-08-13 | 8.8 High |
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize user input. | ||||
CVE-2024-41910 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-08-13 | 6.1 Medium |
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. | ||||
CVE-2024-43165 | | | 2024-08-13 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion. This issue affects WPSection: from n/a through 1.3.8. | ||||
CVE-2024-6136 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-08-13 | 5.4 Medium |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. | ||||
CVE-2024-6133 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-08-13 | 6.5 Medium |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins. | ||||
CVE-2024-40488 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 8.8 High |
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | ||||
CVE-2024-40486 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | ||||
CVE-2024-40482 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-40479 | 1 Kashipara | 1 Online Exam System | 2024-08-13 | 8.1 High |
A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | ||||
CVE-2024-40477 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-13 | 9.8 Critical |
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. | ||||
CVE-2024-37826 | 1 Vercot | 1 Serva | 2024-08-12 | 7.5 High |
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
CVE-2024-37403 | 1 Ivanti | 1 Docs@work | 2024-08-12 | 5.5 Medium |
Ivanti Docs@Work for Android before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | ||||
CVE-2024-36132 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | 7.5 High |
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | ||||
CVE-2024-34788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | 6.5 Medium |
An improper authentication vulnerability in the web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information. |