Total
364556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48769 | 2026-07-05 | N/A | 9.1 CRITICAL | ||
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | |||||
| CVE-2024-48729 | 2026-07-05 | N/A | 7.1 HIGH | ||
| An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component. | |||||
| CVE-2024-48197 | 2026-07-05 | N/A | 4.7 MEDIUM | ||
| Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. | |||||
| CVE-2024-44807 | 2026-07-05 | N/A | 5.3 MEDIUM | ||
| A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. | |||||
| CVE-2024-42831 | 2026-07-05 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php. | |||||
| CVE-2024-41446 | 1 Alkacon | 1 Opencms | 2026-07-05 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. | |||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 7.5 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. | |||||
| CVE-2024-38889 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command. | |||||
| CVE-2024-38888 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 6.8 MEDIUM |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. | |||||
| CVE-2024-38887 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges. | |||||
| CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. | |||||
| CVE-2024-38885 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 7.5 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application. | |||||
| CVE-2024-38884 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 7.8 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms | |||||
| CVE-2024-38883 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 9.1 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation. | |||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2024-38881 | 1 Horizoncloud | 1 Caterease | 2026-07-05 | N/A | 7.5 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords. | |||||
| CVE-2024-35584 | 1 Os4ed | 1 Opensis | 2026-07-05 | N/A | 8.8 HIGH |
| SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For" header and appends it to a SQL INSERT statement directly, leading to SQL Injection. | |||||
| CVE-2024-34336 | 1 Ordat | 1 Ordat.erp | 2026-07-05 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | |||||
| CVE-2024-34335 | 1 Ordat | 1 Ordat.erp | 2026-07-05 | N/A | 6.1 MEDIUM |
| ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | |||||
| CVE-2024-34334 | 1 Ordat | 1 Ordat.erp | 2026-07-05 | N/A | 7.5 HIGH |
| ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | |||||
