Search Results (26968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8469 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.
CVE-2024-8468 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.
CVE-2024-8467 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.
CVE-2024-8466 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
CVE-2024-8465 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
CVE-2024-8464 1 Phpgurukul 1 Job Portal 2024-09-06 9.8 Critical
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
CVE-2024-41444 1 Seacms 1 Seacms 2024-09-05 9.8 Critical
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
CVE-2024-45265 2 Skyss, Skysystem 2 Arfa-cms, Arfa Cms 2024-09-05 9.8 Critical
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.
CVE-2024-42458 1 Any1 1 Neatvnc 2024-09-05 9.8 Critical
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
CVE-2024-45522 1 Linen 1 Linen 2024-09-05 9.1 Critical
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
CVE-2024-43360 1 Zoneminder 1 Zoneminder 2024-09-04 9.8 Critical
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
CVE-2024-45509 1 Misp 1 Misp 2024-09-04 9.8 Critical
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
CVE-2024-45508 2 Htmldoc, Htmldoc Project 2 Htmldoc, Htmldoc 2024-09-04 9.8 Critical
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
CVE-2024-41364 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
CVE-2024-41366 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
CVE-2024-41367 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
CVE-2024-41368 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
CVE-2024-41361 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
CVE-2024-41369 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2024-09-04 9.8 Critical
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
CVE-2024-41372 2 Causefx, Organizr 2 Organizr, Organizr 2024-09-04 9.8 Critical
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.