Total
277447 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49324 | 1 Sovratec | 2 Case Management, Sovratec Case Management | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0. | ||||
| CVE-2024-49327 | 1 Asepbagjapriandana | 1 Woostagram Connect | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2. | ||||
| CVE-2024-49329 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0. | ||||
| CVE-2024-49330 | 1 Brx8r | 1 Nice Backgrounds | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0. | ||||
| CVE-2024-49331 | 2 Myriad Solutionz, Myriadsolutionz | 2 Property Lot Management System, Property Lot Management System | 2024-10-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38. | ||||
| CVE-2024-49332 | 2 Giveaway Boost, Giveawayboost | 2 Giveaway Boost, Giveaway Boost | 2024-10-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4. | ||||
| CVE-2024-49607 | 2 Redwan Hilali, Redwanhilali | 2 Wp Dropbox Dropins, Wp Dropbox Dropins | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0. | ||||
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2024-10-24 | 8.8 High |
| : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. | ||||
| CVE-2024-49610 | 2 Jack Zhu, Jackzhu | 2 Photokit, Photokit | 2024-10-24 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0. | ||||
| CVE-2024-49621 | 1 Apa | 1 Apa Register Newsletter Form | 2024-10-24 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0. | ||||
| CVE-2024-49612 | 1 Infotuts | 1 Sw Contact Form | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0. | ||||
| CVE-2024-49609 | 1 Brandonwhite | 1 Author Discussion | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2. | ||||
| CVE-2024-49605 | 1 Avchat.net | 1 Avchat Video Chat | 2024-10-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2. | ||||
| CVE-2024-49335 | 1 Edush Maxim | 1 Googledrive Folder List | 2024-10-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2. | ||||
| CVE-2024-47325 | 1 Themeisle | 1 Multiple Page Generator | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. | ||||
| CVE-2024-48657 | 2 Itsourcecode, Princelycesar | 2 Hospital Management System, Hospital Management System | 2024-10-24 | 8.1 High |
| SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-48656 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2024-10-24 | 5.4 Medium |
| Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-49625 | 2 Brandon Clark, Brandonclark | 2 Site Builder Dynamic Components, Sitebuilder Dynamic Components | 2024-10-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0. | ||||
| CVE-2024-49624 | 1 Smartdevth | 1 Advanced Advertising System | 2024-10-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1. | ||||
| CVE-2024-10195 | 1 Tecno-mobile | 2 4g Portable Wifi Tr118, 4g Portable Wifi Tr118 Firmware | 2024-10-24 | 4.7 Medium |
| A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||