Total
264177 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9035 | 1 Code-projects | 1 Blood Bank System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9036 | 1 Itsourcecode | 1 Online Book Store | 2024-09-26 | 6.3 Medium |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 9.8 Critical |
| An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | ||||
| CVE-2024-46644 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||
| CVE-2024-46645 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | ||||
| CVE-2024-46646 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | ||||
| CVE-2024-46648 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | ||||
| CVE-2024-46649 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | ||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-09-26 | 5.9 Medium |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | ||||
| CVE-2023-7281 | 1 Google | 1 Chrome | 2024-09-26 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-46647 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | ||||
| CVE-2024-37879 | 2024-09-26 | N/A | ||
| Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". | ||||
| CVE-2024-42697 | 1 Leotheme | 1 Leo Product Search Module | 2024-09-26 | 6.1 Medium |
| Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. | ||||
| CVE-2024-46652 | 1 Tenda | 1 Ac8v4 Firmware | 2024-09-26 | 9.8 Critical |
| Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. | ||||
| CVE-2024-9034 | 1 Code-projects | 1 Patient Code Management System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9037 | 1 Codezips | 1 Internal Marks Calculation | 2024-09-26 | 7.3 High |
| A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44540 | 1 Ubiquiti | 1 Airmax Firmware | 2024-09-26 | 6.6 Medium |
| Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2024-09-26 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-46101 | 1 Gdidees | 1 Gdidees Cms | 2024-09-26 | 9.8 Critical |
| GDidees CMS <= v3.9.1 has a file upload vulnerability. | ||||
| CVE-2024-42351 | 2024-09-26 | 6.5 Medium | ||
| Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||