Total
343987 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8340 | 1 Oretnom23 | 1 Electric Billing Management System | 2024-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8339 | 1 Oretnom23 | 1 Electric Billing Management System | 2024-09-04 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8336 | 1 Oretnom23 | 1 Music Gallery Site | 2024-09-04 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-41372 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 9.8 CRITICAL |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | |||||
| CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 6.1 MEDIUM |
| Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | |||||
| CVE-2024-41370 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 9.8 CRITICAL |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | |||||
| CVE-2024-41351 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | |||||
| CVE-2024-41350 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | |||||
| CVE-2024-43965 | 1 Smackcoders | 1 Sendgrid | 2024-09-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4. | |||||
| CVE-2024-6671 | 1 Progress | 1 Whatsup Gold | 2024-09-04 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | |||||
| CVE-2024-8389 | 1 Mozilla | 1 Firefox | 2024-09-04 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. | |||||
| CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 9.8 CRITICAL |
| SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | |||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | |||||
| CVE-2024-8004 | 1 3ds | 1 3dexperience Enovia | 2024-09-04 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-7938 | 1 3ds | 1 3dexperience | 2024-09-04 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | N/A | 6.1 MEDIUM |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | |||||
| CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
| Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||
| CVE-2024-44809 | 2024-09-04 | N/A | 9.8 CRITICAL | ||
| A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks. | |||||
| CVE-2024-5024 | 1 Memberpress | 1 Memberpress | 2024-09-04 | N/A | 6.1 MEDIUM |
| The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | |||||