Total
278648 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8709 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-13 | 6.3 Medium |
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8710 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 6.3 Medium |
A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8711 | 2 Oretnom23, Sourcecodester | 2 Food Ordering Management System, Food Ordering Management System | 2024-09-13 | 5.3 Medium |
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-6017 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
CVE-2024-6019 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators | ||||
CVE-2024-8522 | 1 Thimpress | 1 Learnpress | 2024-09-13 | 10 Critical |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2024-8529 | 1 Thimpress | 1 Learnpress | 2024-09-13 | 10 Critical |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | 5.5 Medium |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | ||||
CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | 5.5 Medium |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | ||||
CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | 5.2 Medium |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | ||||
CVE-2020-24061 | 2 Kasda, Kasdanet | 3 Kw5515, Kw5515, Kw5515 Firmware | 2024-09-13 | 5.4 Medium |
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script | ||||
CVE-2024-7738 | 1 Yzane | 2 Markdown Pdf, Vscode Markdown Pdf | 2024-09-13 | 3.3 Low |
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7739 | 1 Yzane | 2 Markdown Pdf, Vscode Markdown Pdf | 2024-09-13 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8695 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||
CVE-2024-8696 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||
CVE-2024-25270 | 1 Mirapolis | 1 Lms | 2024-09-13 | 4.3 Medium |
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | ||||
CVE-2024-3913 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2024-09-13 | 7.5 High |
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. | ||||
CVE-2024-8605 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 4.3 Medium |
A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-45406 | 1 Craftcms | 1 Craft Cms | 2024-09-13 | 5.5 Medium |
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. |