Total
277445 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49606 | 1 Dotsquares | 1 Google Map Locations | 2024-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0. | ||||
| CVE-2024-49604 | 2 Najeeb Ahmad, Najeebmedia | 2 Simple User Registration, Simple User Registration | 2024-10-23 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | ||||
| CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2024-10-23 | 5.4 Medium |
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | ||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-23 | 5.9 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | ||||
| CVE-2024-48709 | 1 Codeastro | 1 Membership Management System | 2024-10-23 | 5.4 Medium |
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php | ||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-23 | 5.9 Medium |
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | ||||
| CVE-2024-46326 | 1 Pkp | 1 Pkb-lib | 2024-10-23 | 6.1 Medium |
| Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. | ||||
| CVE-2024-47912 | 1 Mitel | 1 Micollab | 2024-10-23 | 8.2 High |
| A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. | ||||
| CVE-2024-41714 | 1 Mitel | 2 Micollab, Mivoice Business Solutions Virtual Instance | 2024-10-23 | 8.8 High |
| A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | ||||
| CVE-2024-41717 | 1 Kieback\&peter | 10 Ddc4002 Firmware, Ddc4002e Firmware, Ddc4020e Firmware and 7 more | 2024-10-23 | 9.8 Critical |
| Kieback & Peter's DDC4000 seriesĀ is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system. | ||||
| CVE-2024-43698 | 1 Kieback\&peter | 10 Ddc4002 Firmware, Ddc4002e Firmware, Ddc4020e Firmware and 7 more | 2024-10-23 | 9.8 Critical |
| Kieback & Peter's DDC4000 seriesĀ uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. | ||||
| CVE-2024-47223 | 1 Mitel | 1 Micollab | 2024-10-23 | 9.4 Critical |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | ||||
| CVE-2024-48597 | 1 Online Clinic Management System Project | 1 Online Clinic Management System | 2024-10-23 | 8.1 High |
| Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | ||||
| CVE-2024-48659 | 1 Dcnglobal | 1 Dcme-320-l Firmware | 2024-10-23 | 9.8 Critical |
| An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | ||||
| CVE-2024-48904 | 1 Trendmicro | 1 Cloud Edge | 2024-10-23 | 9.8 Critical |
| An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. | ||||
| CVE-2024-10183 | 2024-10-23 | N/A | ||
| A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. | ||||
| CVE-2024-35285 | 1 Mitel | 1 Micollab Nupoint Messanger | 2024-10-23 | 9.8 Critical |
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. | ||||
| CVE-2024-39753 | 1 Trendmicro | 1 Apex One | 2024-10-23 | 7.5 High |
| An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-40084 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
| A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | ||||
| CVE-2024-40086 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | ||||