Total
277601 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42167 | 1 Fiware | 1 Keyrock | 2024-08-29 | 9.1 Critical |
| The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | ||||
| CVE-2024-42166 | 1 Fiware | 1 Keyrock | 2024-08-29 | 9.1 Critical |
| The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | ||||
| CVE-2024-7852 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-08-29 | 3.5 Low |
| A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42165 | 1 Fiware | 1 Keyrock | 2024-08-29 | 6.3 Medium |
| Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | ||||
| CVE-2024-42164 | 1 Fiware | 1 Keyrock | 2024-08-29 | 4.3 Medium |
| Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | ||||
| CVE-2024-42163 | 1 Fiware | 1 Keyrock | 2024-08-29 | 8.3 High |
| Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | ||||
| CVE-2024-8222 | 2 Oretnom23, Sourcecodester | 2 Music Gallery Site, Music Gallery Site | 2024-08-29 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8223 | 2 Music Gallery Site Project, Oretnom23 | 2 Music Gallery Site, Music Gallery Site | 2024-08-29 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-6329 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 5.7 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded. | ||||
| CVE-2024-4784 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.2 Medium |
| An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | ||||
| CVE-2024-4210 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 6.5 Medium |
| A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files. | ||||
| CVE-2024-8220 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-08-29 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file staffedit.php. The manipulation of the argument id/stafftype/address/fullname/phonenumber/salary leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-38018 | 1 Ibm | 1 Aspera Shares | 2024-08-29 | 6.3 Medium |
| IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | ||||
| CVE-2024-37382 | 1 Abinitio | 2 Authorization Gateway, Metadata Hub | 2024-08-29 | 6.3 Medium |
| An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. | ||||
| CVE-2024-42493 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | 5.3 Medium |
| Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login. | ||||
| CVE-2024-39287 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | 5.3 Medium |
| Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. | ||||
| CVE-2024-42408 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | 5.3 Medium |
| The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | ||||
| CVE-2024-42366 | 1 Vrcx-team | 1 Vrcx | 2024-08-29 | 9.1 Critical |
| VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | ||||
| CVE-2022-2440 | 1 Mndpsingh287 | 1 Theme Editor | 2024-08-29 | 7.2 High |
| The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. | ||||
| CVE-2024-7857 | 1 Maxfoundry | 1 Media Library Folders | 2024-08-29 | 9.8 Critical |
| The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||