Total 279546 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-48826 1 Tenda 1 Ac7 Firmware 2024-10-29 8 High
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48825 1 Tenda 1 Ac7 Firmware 2024-10-29 8 High
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48743 1 Tektronix 1 Sentry 2024-10-29 6.5 Medium
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.
CVE-2024-48700 1 Kliqqi 1 Kliqqi Cms 2024-10-29 7.2 High
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.
CVE-2024-48343 2024-10-29 6.3 Medium
A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.
CVE-2024-48239 1 Wtcms Project 1 Wtcms 2024-10-29 4.8 Medium
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
CVE-2024-48238 1 Wtcms Project 1 Wtcms 2024-10-29 4.7 Medium
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.
CVE-2024-48236 1 Ofcms Project 1 Ofcms 2024-10-29 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file
CVE-2024-48235 1 Ofcms Project 1 Ofcms 2024-10-29 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVE-2024-48234 1 Mipjz Project 1 Mipjz 2024-10-29 4.9 Medium
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.
CVE-2023-25189 2024-10-29 3.3 Low
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH.
CVE-2023-20513 2024-10-29 3.3 Low
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2024-50434 1 Themehorse 1 Newscard 2024-10-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard.This issue affects NewsCard: from n/a through 1.3.
CVE-2024-50435 1 Themehorse 1 Meta News 2024-10-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News.This issue affects Meta News: from n/a through 1.1.7.
CVE-2024-50436 1 Themehorse 1 Clean Retina 2024-10-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina.This issue affects Clean Retina: from n/a through 3.0.6.
CVE-2024-10008 1 Masteriyo 1 Masteriyo 2024-10-29 8.8 High
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.
CVE-2024-50494 1 Amin Omer 1 Wc Sudan Payment Gateway 2024-10-29 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2.
CVE-2024-50493 1 Masterhomepage 1 Automatic Translation 2024-10-29 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4.
CVE-2024-50484 1 Mahlamusa 1 Multi Purpose Mail Form 2024-10-29 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.
CVE-2024-10276 1 Telestream 1 Sentry 2024-10-29 3.5 Low
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.