Total
276814 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43317 | 2024-08-20 | 4.3 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0. | ||||
| CVE-2024-42813 | 1 Trendnet | 1 Tew-752dru Firmware | 2024-08-20 | 9.8 Critical |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2024-25009 | 2024-08-20 | 6.5 Medium | ||
| Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. | ||||
| CVE-2024-35538 | 1 Typecho | 1 Typecho | 2024-08-20 | 5.3 Medium |
| Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. | ||||
| CVE-2024-38810 | 2024-08-20 | 6.5 Medium | ||
| Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. | ||||
| CVE-2024-42554 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-08-20 | 8.8 High |
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. | ||||
| CVE-2024-42561 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-08-20 | 8.8 High |
| Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | ||||
| CVE-2024-42571 | 1 School Management System Project | 1 School Management System | 2024-08-20 | 9.8 Critical |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | ||||
| CVE-2024-42578 | 1 Oswapp | 1 Warehouse Inventory System | 2024-08-20 | 8 High |
| A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42476 | 2024-08-20 | 6.5 Medium | ||
| In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. When this project is compiled with certain compiler flags set, it is possible that the `state` parameter will not be checked at all, creating a CSRF vulnerability. Version 0.11 checks the `state` parameter using a regular `if` statement or `doAssert` instead of relying on a plain `assert`. `doAssert` will achieve the desired behavior even if `-d:danger` or `--assertions:off` is set. | ||||
| CVE-2024-42757 | 1 Asus | 1 Rt-n15u Firmware | 2024-08-20 | 9.8 Critical |
| Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | ||||
| CVE-2024-7812 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-08-20 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7810 | 2 Sourcecodester, Tamparongj 03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2024-08-20 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-27728 | 1 Friendica | 1 Friendica | 2024-08-20 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | ||||
| CVE-2024-43245 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-08-20 | 9.8 Critical |
| Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. | ||||
| CVE-2024-43271 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2024-08-20 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | ||||
| CVE-2024-7686 | 2 Mayurik, Sourcecodester | 2 Advocate Office Management System, Kortex Lite Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7685 | 2 Mayurik, Sourcecodester | 2 Advocate Office Management System, Kortex Lite Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7684 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7683 | 2 Mayurik, Sourcecodester | 2 Advocate Office Management System, Kortex Lite Advocate Office Management System | 2024-08-20 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||