Total
277667 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41372 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | ||||
| CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | 6.1 Medium |
| Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | ||||
| CVE-2024-41370 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | ||||
| CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2024-09-04 | 6.1 Medium |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | ||||
| CVE-2024-41351 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | ||||
| CVE-2024-41350 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | ||||
| CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | ||||
| CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | ||||
| CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | ||||
| CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
| SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
| CVE-2024-8380 | 2 Rems, Sourcecodester | 2 Contact Manager With Export To Vcf, Contact Manager | 2024-09-04 | 6.3 Medium |
| A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical. This issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8004 | 2 3ds, Dassault | 4 3dexperience Enovia, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-7938 | 2 3ds, Dassault | 3 3dexperience, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | 6.1 Medium |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | ||||
| CVE-2024-44809 | 1 Recantha | 1 Pi Camera Project | 2024-09-04 | 9.8 Critical |
| A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks. | ||||
| CVE-2024-5024 | 1 Memberpress | 1 Memberpress | 2024-09-04 | 6.1 Medium |
| The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-4401 | 1 Wpvibes | 1 Elementor Addon Elements | 2024-09-04 | 6.4 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 6.7 Medium |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | ||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||