Total: 343733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43400 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | |||||
| CVE-2024-43401 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 8.0 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1. | |||||
| CVE-2024-7924 | 1 Zzcms | 1 Zzcms | 2024-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7925 | 1 Zzcms | 1 Zzcms | 2024-08-20 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7453 | 1 Fastadmin | 1 Fastadmin | 2024-08-20 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273544. | |||||
| CVE-2024-7827 | | | 2024-08-20 | N/A | 8.8 HIGH |
| The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-43326 | | | 2024-08-20 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Plugin Notes Plus: from n/a through 1.2.7. | |||||
| CVE-2024-6918 | | | 2024-08-20 | N/A | 7.5 HIGH |
| CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. | |||||
| CVE-2024-25009 | | | 2024-08-20 | N/A | 6.5 MEDIUM |
| Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. | |||||
| CVE-2024-43311 | | | 2024-08-20 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation. This issue affects Login As Users: from n/a through 1.4.2. | |||||
| CVE-2024-7850 | | | 2024-08-20 | N/A | 6.1 MEDIUM |
| The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-43345 | | | 2024-08-20 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion. This issue affects Landing Page Builder: from n/a through 1.5.2.0. | |||||
| CVE-2024-42757 | | | 2024-08-20 | N/A | 9.8 CRITICAL |
| Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | |||||
| CVE-2024-7686 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7685 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7684 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7683 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7839 | 1 Angeljudesuarez | 1 Billing System | 2024-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43810 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | |||||
| CVE-2024-43809 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | |||||
