Total: 279546 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48826 | 1 Tenda | 1 Ac7 Firmware | 2024-10-29 | 8 High |
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
CVE-2024-48825 | 1 Tenda | 1 Ac7 Firmware | 2024-10-29 | 8 High |
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
CVE-2024-48743 | 1 Tektronix | 1 Sentry | 2024-10-29 | 6.5 Medium |
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. | ||||
CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2024-10-29 | 7.2 High |
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | ||||
CVE-2024-48343 | | | 2024-10-29 | 6.3 Medium |
A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page. | ||||
CVE-2024-48239 | 1 Wtcms Project | 1 Wtcms | 2024-10-29 | 4.8 Medium |
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | ||||
CVE-2024-48238 | 1 Wtcms Project | 1 Wtcms | 2024-10-29 | 4.7 Medium |
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. | ||||
CVE-2024-48236 | 1 Ofcms Project | 1 Ofcms | 2024-10-29 | 6.5 Medium |
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file | ||||
CVE-2024-48235 | 1 Ofcms Project | 1 Ofcms | 2024-10-29 | 6.5 Medium |
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. | ||||
CVE-2024-48234 | 1 Mipjz Project | 1 Mipjz | 2024-10-29 | 4.9 Medium |
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files. | ||||
CVE-2023-25189 | | | 2024-10-29 | 3.3 Low |
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH. | ||||
CVE-2023-20513 | | | 2024-10-29 | 3.3 Low |
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. | ||||
CVE-2024-50434 | 1 Themehorse | 1 Newscard | 2024-10-29 | 7.5 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard. This issue affects NewsCard: from n/a through 1.3. | ||||
CVE-2024-50435 | 1 Themehorse | 1 Meta News | 2024-10-29 | 7.5 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News. This issue affects Meta News: from n/a through 1.1.7. | ||||
CVE-2024-50436 | 1 Themehorse | 1 Clean Retina | 2024-10-29 | 7.5 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina. This issue affects Clean Retina: from n/a through 3.0.6. | ||||
CVE-2024-10008 | 1 Masteriyo | 1 Masteriyo | 2024-10-29 | 8.8 High |
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students. | ||||
CVE-2024-50494 | 1 Amin Omer | 1 Wc Sudan Payment Gateway | 2024-10-29 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2. | ||||
CVE-2024-50493 | 1 Masterhomepage | 1 Automatic Translation | 2024-10-29 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through 1.0.4. | ||||
CVE-2024-50484 | 1 Mahlamusa | 1 Multi Purpose Mail Form | 2024-10-29 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | ||||
CVE-2024-10276 | 1 Telestream | 1 Sentry | 2024-10-29 | 3.5 Low |
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |