Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0469 1 Code-projects 1 Human Resource Integrated System 2024-11-21 6.3 Medium
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.
CVE-2024-0468 1 Code-projects 1 Fighting Cock Information System 2024-11-21 6.3 Medium
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.
CVE-2024-0466 1 Code-projects 1 Employee Profile Management System 2024-11-21 5.5 Medium
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.
CVE-2024-0454 2 Elan, Emc 3 Dell Inspiron, Elan Match-on-chip Fpr Solution, Elan Match-on-chip Fpr Solution Firmware 2024-11-21 6 Medium
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
CVE-2024-0439 2024-11-21 N/A
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
CVE-2024-0430 1 Iobit 1 Malware Fighter 2024-11-21 5.5 Medium
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver.
CVE-2024-0429 2 Bpsoft, Hex Workshop 2 Hex Workshop, Hex Workshop 2024-11-21 7.3 High
A denial service vulnerability has been found on  Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown.
CVE-2024-0420 1 Mappresspro 2 Mappress Maps, Mappress Maps For Wordpress 2024-11-21 6.1 Medium
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
CVE-2024-0419 1 Httpdx Project 1 Httpdx 2024-11-21 5.3 Medium
A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.
CVE-2024-0415 1 Csdeshang 1 Dsmall 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.
CVE-2024-0413 1 Csdeshang 1 Dskms 2024-11-21 5.3 Medium
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.
CVE-2024-0396 1 Progress 1 Moveit Transfer 2024-11-21 7.1 High
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.
CVE-2024-0360 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.5 Medium
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
CVE-2024-0347 1 Engineers Online Portal Project 1 Engineers Online Portal 2024-11-21 3.7 Low
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.
CVE-2024-0346 1 Vehicle Booking System Project 1 Vehicle Booking System 2024-11-21 3.5 Low
A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability.
CVE-2024-0325 1 Perforce 1 Helix Sync 2024-11-21 3.6 Low
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  
CVE-2024-0323 1 Br-automation 1 Automation Runtime 2024-11-21 9.8 Critical
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
CVE-2024-0319 1 Fireeye 1 Hxtool 2024-11-21 5.4 Medium
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
CVE-2024-0318 1 Fireeye 1 Hxtool 2024-11-21 5.4 Medium
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.
CVE-2024-0316 1 Fireeye 1 Endpoint Security 2024-11-21 6.8 Medium
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.