Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39097 | 1 Gnuboard | 1 Gnuboard6 | 2024-08-27 | 6.1 Medium |
| There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. | ||||
| CVE-2024-6978 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | 5.6 Medium |
| Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28. | ||||
| CVE-2024-8081 | 2 Itsourcecode, Kevinwong | 2 Payroll Management System, Payroll Management System | 2024-08-27 | 7.3 High |
| A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8083 | 2 Oretnom23, Sourcecodester | 2 Online Computer And Laptop Store, Online Computer And Laptop Store | 2024-08-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /php-ocls/classes/Master.php?f=pay_order. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8084 | 2 Oretnom23, Sourcecodester | 2 Online Computer And Laptop Store, Online Computer And Laptop Store | 2024-08-27 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /php-ocls/classes/SystemSettings.php?f=update_settings of the component Setting Handler. The manipulation of the argument System Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41285 | 1 Fastcom | 2 Fw300r, Fw300r Firmware | 2024-08-27 | 9.8 Critical |
| A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | ||||
| CVE-2024-8170 | 2 Rems, Sourcecodester | 2 Zipped Folder Manager App, Zipped Folder Manager App | 2024-08-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8171 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-08-27 | 6.3 Medium |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file staffcatedit.php. The manipulation of the argument title leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43336 | 1 Wpusermanager | 1 Wp User Manager | 2024-08-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10. | ||||
| CVE-2024-43337 | 1 Getbrave | 1 Brave | 2024-08-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. | ||||
| CVE-2024-43339 | 1 Webinarpress | 1 Webinarpress | 2024-08-27 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20. | ||||
| CVE-2024-43340 | 1 Advancedformintegration | 1 Advanced Form Integration | 2024-08-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4. | ||||
| CVE-2024-43356 | 1 Bobbingwide | 1 Oik | 2024-08-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0. | ||||
| CVE-2024-8138 | 2 Code-projects, Pharmacy Management System Project | 2 Pharmacy Management System, Pharmacy Management System | 2024-08-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-8137 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-08-27 | 3.5 Low |
| A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_user.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45239 | 1 Nicmx | 1 Fort-validator | 2024-08-27 | 7.5 High |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | ||||
| CVE-2024-45237 | 2 Fort Validator Project, Nicmx | 2 Fort Validator, Fort-validator | 2024-08-27 | 9.8 Critical |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. | ||||
| CVE-2024-8136 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-08-27 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort1_user.php. The manipulation of the argument position leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8135 | 1 Gotribe | 1 Gotribe | 2024-08-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-6977 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | 6.5 Medium |
| A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34. | ||||