Total: 277614 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-29724 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio.
CVE-2024-29725 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list.
CVE-2024-29728 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/, parameter idDesafio.
CVE-2024-29729 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url.
CVE-2024-29731 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/, parameters idChallenge and idEmpresa.
CVE-2024-4428 | 1 Menulux | 2 Management Portal, Managment Portal | 2024-08-30 | 9.8 Critical | Improper Privilege Management vulnerability in Menulux Information Technologies Management Portal allows Collect Data as Provided by Users. This issue affects Management Portal: through 21.05.2024.
CVE-2024-7606 | 1 Etoilewebdesign | 1 Front End Users | 2024-08-30 | 6.4 Medium | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-29727 | 1 Sportsnet | 2 Sportsnet, Sportsnetcms | 2024-08-30 | 9.8 Critical | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/, parameter send.
CVE-2024-7607 | 1 Etoilewebdesign | 1 Front End Users | 2024-08-30 | 8.8 High | The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
CVE-2024-8294 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium | A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8295 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium | A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8296 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium | A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42851 | 1 Aertherwide | 1 Exiftags | 2024-08-30 | 8.4 High | Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
CVE-2024-8297 | 1 Kitsada8621 | 1 Digital Library Management System | 2024-08-30 | 5.3 Medium | A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.
CVE-2024-8301 | 2 Dingfanzu, Gitapp | 2 Cms, Dingfanzu | 2024-08-30 | 7.3 High | A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-39996 | 1 Teldat | 4 Rs123, Rs123 Firmware, Rs123w and 1 more | 2024-08-30 | 4.8 Medium | Cross Site Scripting vulnerability in Teldat's Router RS123, RS123w allows an attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page.
CVE-2024-8200 | 1 Smashballoon | 1 Reviews Feed | 2024-08-30 | 4.3 Medium | The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-8199 | 1 Smashballoon | 1 Reviews Feed | 2024-08-30 | 4.3 Medium | The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options.
CVE-2024-45264 | 2 Skyss, Skysystem | 2 Arfa-cms, Arfa Cms | 2024-08-30 | 8 High | A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
CVE-2024-44342 | 1 Dlink | 2 Dir-846w, Dir-846w Firmware | 2024-08-30 | 8.8 High | D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.