Vulnerabilities (CVE)

Total 364556 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-48769 2026-07-05 N/A 9.1 CRITICAL
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process.
CVE-2024-48729 2026-07-05 N/A 7.1 HIGH
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component.
CVE-2024-48197 2026-07-05 N/A 4.7 MEDIUM
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
CVE-2024-44807 2026-07-05 N/A 5.3 MEDIUM
A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.
CVE-2024-42831 2026-07-05 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php.
CVE-2024-41446 1 Alkacon 1 Opencms 2026-07-05 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
CVE-2024-38891 1 Horizoncloud 1 Caterease 2026-07-05 N/A 7.5 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
CVE-2024-38889 1 Horizoncloud 1 Caterease 2026-07-05 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
CVE-2024-38888 1 Horizoncloud 1 Caterease 2026-07-05 N/A 6.8 MEDIUM
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.
CVE-2024-38887 1 Horizoncloud 1 Caterease 2026-07-05 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.
CVE-2024-38886 1 Horizoncloud 1 Caterease 2026-07-05 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
CVE-2024-38885 1 Horizoncloud 1 Caterease 2026-07-05 N/A 7.5 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.
CVE-2024-38884 1 Horizoncloud 1 Caterease 2026-07-05 N/A 7.8 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
CVE-2024-38883 1 Horizoncloud 1 Caterease 2026-07-05 N/A 9.1 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.
CVE-2024-38882 1 Horizoncloud 1 Caterease 2026-07-05 N/A 9.8 CRITICAL
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
CVE-2024-38881 1 Horizoncloud 1 Caterease 2026-07-05 N/A 7.5 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
CVE-2024-35584 1 Os4ed 1 Opensis 2026-07-05 N/A 8.8 HIGH
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For" header and appends it to a SQL INSERT statement directly, leading to SQL Injection.
CVE-2024-34336 1 Ordat 1 Ordat.erp 2026-07-05 N/A 5.3 MEDIUM
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
CVE-2024-34335 1 Ordat 1 Ordat.erp 2026-07-05 N/A 6.1 MEDIUM
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
CVE-2024-34334 1 Ordat 1 Ordat.erp 2026-07-05 N/A 7.5 HIGH
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.