Total
281580 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-52402 | 1 Cliconomics | 1 Exclusive Content Password Protect | 2024-11-19 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0. | ||||
CVE-2024-11247 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-11-19 | 3.5 Low |
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
CVE-2024-11248 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-19 | 8.8 High |
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 4 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel and 1 more | 2024-11-19 | 8.2 High |
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
CVE-2024-11256 | 1 1000projects | 1 Portfolio Management System Mca | 2024-11-19 | 7.3 High |
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-11259 | 1 Code-projects | 1 Farmacia | 2024-11-19 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-46613 | 1 Weechat | 1 Weechat | 2024-11-19 | 4.3 Medium |
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags. | ||||
CVE-2024-27532 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-19 | 7.5 High |
wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types. | ||||
CVE-2024-9609 | 1 Thimpress | 1 Learnpress Export Import | 2024-11-19 | 6.1 Medium |
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-10113 | 1 Wpeka | 1 Wp Adcenter | 2024-11-19 | 6.4 Medium |
The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-11257 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.3 High |
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-11258 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.3 High |
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-45609 | 1 Glpi-project | 1 Glpi | 2024-11-19 | 6.5 Medium |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages. Upgrade to 10.0.17. | ||||
CVE-2024-49536 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-11-19 | 5.5 Medium |
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-10260 | 1 Tripetto | 1 Tripetto | 2024-11-19 | 7.2 High |
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file. | ||||
CVE-2024-10582 | 1 Smartwpress | 1 Music Player For Elementor | 2024-11-19 | 4.3 Medium |
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates. | ||||
CVE-2024-10793 | 1 Melapress | 1 Wp Activity Log | 2024-11-19 | 7.2 High |
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. | ||||
CVE-2024-45610 | 1 Glpi-project | 1 Glpi | 2024-11-19 | 6.5 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17. | ||||
CVE-2024-45611 | 1 Glpi-project | 1 Glpi | 2024-11-19 | 5.7 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload to triggger a stored XSS. Upgrade to 10.0.17. | ||||
CVE-2024-44546 | 1 Powerjob | 1 Powerjob | 2024-11-19 | 9.8 Critical |
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. |