Lucene search

K

+F FS040U, +F FS020W, +F FS030W, And +F FS040W Security Vulnerabilities

cvelist
cvelist

CVE-2024-5237 Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack....

7.6AI Score

0.0004EPSS

2024-05-23 05:31 AM
8
cve
cve

CVE-2024-5236

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-23 05:15 AM
12
cve
cve

CVE-2024-5235

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack.....

6.3CVSS

7.7AI Score

0.0004EPSS

2024-05-23 05:15 AM
10
cve
cve

CVE-2024-5233

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be...

6.3CVSS

7.8AI Score

0.0004EPSS

2024-05-23 05:15 AM
9
cve
cve

CVE-2024-4662

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as...

8.8CVSS

8.1AI Score

0.001EPSS

2024-05-23 05:15 AM
15
cve
cve

CVE-2024-5234

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to sql injection. The attack may be...

6.3CVSS

7.7AI Score

0.0004EPSS

2024-05-23 05:15 AM
10
cve
cve

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

7.2AI Score

0.001EPSS

2024-05-23 05:15 AM
11
cvelist
cvelist

CVE-2024-5236 Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...

7.7AI Score

0.0004EPSS

2024-05-23 05:00 AM
11
cvelist
cvelist

CVE-2024-5235 Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack.....

7.7AI Score

0.0004EPSS

2024-05-23 05:00 AM
10
cvelist
cvelist

CVE-2024-5234 Campcodes Complete Web-Based School Management System teacher_salary_history1.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to sql injection. The attack may be...

7.6AI Score

0.0004EPSS

2024-05-23 04:31 AM
9
cvelist
cvelist

CVE-2024-5233 Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be...

7.8AI Score

0.0004EPSS

2024-05-23 04:31 AM
11
cvelist
cvelist

CVE-2024-4662 Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as...

8.1AI Score

0.001EPSS

2024-05-23 04:30 AM
11
cvelist
cvelist

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

7.2AI Score

0.001EPSS

2024-05-23 04:30 AM
11
impervablog
impervablog

Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024

In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...

7.2AI Score

2024-05-23 04:22 AM
7
cve
cve

CVE-2024-5232

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the...

6.3CVSS

7.7AI Score

0.0004EPSS

2024-05-23 04:15 AM
8
cve
cve

CVE-2024-4431

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-05-23 04:15 AM
7
nuclei
nuclei

QloApps 1.6.0 - SQL Injection

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters date_from, date_to, and id_product allows a remote attacker to retrieve the contents of an entire...

8.2AI Score

0.001EPSS

2024-05-23 04:09 AM
openbugbounty
openbugbounty

psponline.com Cross Site Scripting vulnerability OBB-3930005

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-23 03:43 AM
5
openbugbounty
openbugbounty

chicagosluxurycondos.com Cross Site Scripting vulnerability OBB-3930004

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-23 03:38 AM
5
cvelist
cvelist

CVE-2024-4431 LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9AI Score

0.001EPSS

2024-05-23 03:31 AM
7
cvelist
cvelist

CVE-2024-5232 Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the...

7.6AI Score

0.0004EPSS

2024-05-23 03:31 AM
7
cve
cve

CVE-2024-4895

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it.....

4.7CVSS

6.3AI Score

0.001EPSS

2024-05-23 03:15 AM
6
cve
cve

CVE-2024-5231

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be...

6.3CVSS

7.9AI Score

0.0004EPSS

2024-05-23 03:15 AM
5
cvelist
cvelist

CVE-2024-5231 Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be...

7.4AI Score

0.0004EPSS

2024-05-23 03:00 AM
3
openbugbounty
openbugbounty

degotardicommercial.com.au Cross Site Scripting vulnerability OBB-3930003

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-23 02:42 AM
4
cvelist
cvelist

CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it.....

6.2AI Score

0.001EPSS

2024-05-23 02:33 AM
3
cve
cve

CVE-2024-4783

The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-23 02:15 AM
5
cve
cve

CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...

8.4CVSS

7.3AI Score

0.0004EPSS

2024-05-23 02:15 AM
4
cve
cve

CVE-2024-5230

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-23 02:15 AM
4
cve
cve

CVE-2023-6844

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5CVSS

5.7AI Score

0.001EPSS

2024-05-23 02:15 AM
3
cve
cve

CVE-2024-3065

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS

6AI Score

0.0004EPSS

2024-05-23 02:15 AM
2
cve
cve

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

6AI Score

0.0004EPSS

2024-05-23 02:15 AM
2
cve
cve

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

5.3CVSS

7.2AI Score

0.001EPSS

2024-05-23 02:15 AM
2
cve
cve

CVE-2024-3201

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-23 02:15 AM
1
cvelist
cvelist

CVE-2024-5230 EnvaySoft FleetCart information disclosure

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...

6.8AI Score

0.0004EPSS

2024-05-23 02:00 AM
3
cvelist
cvelist

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...

7.2AI Score

0.0004EPSS

2024-05-23 01:56 AM
1
cvelist
cvelist

CVE-2024-3201 WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
3
cvelist
cvelist

CVE-2023-6844 iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.8AI Score

0.001EPSS

2024-05-23 01:56 AM
2
cvelist
cvelist

CVE-2024-3065 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
2
cvelist
cvelist

CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
1
cvelist
cvelist

CVE-2024-1855 WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for...

7.2AI Score

0.001EPSS

2024-05-23 01:56 AM
2
cvelist
cvelist

CVE-2024-4486 Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
2
openvas
openvas

Debian: Security Advisory (DSA-5696-1)

The remote host is missing an update for the...

7.5AI Score

2024-05-23 12:00 AM
openvas
openvas

Debian: Security Advisory (DSA-5695-1)

The remote host is missing an update for the...

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
ubuntucve
ubuntucve

CVE-2021-47439

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work When the ksz module is installed and removed using rmmod, kernel crashes with null pointer dereferrence error. During rmmod, ksz_switch_remove function...

7.2AI Score

0.0004EPSS

2024-05-23 12:00 AM
ubuntucve
ubuntucve

CVE-2021-47436

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after initializing musb") has inverted the calls to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without updating...

7.1AI Score

0.0004EPSS

2024-05-23 12:00 AM
cloudfoundry
cloudfoundry

USN-6756-1: less vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...

8AI Score

0.0004EPSS

2024-05-23 12:00 AM
cloudfoundry
cloudfoundry

USN-6736-1: klibc vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to...

7.7AI Score

0.013EPSS

2024-05-23 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:1753-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1753-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues. The following security issues were fixed: - CVE-2024-26610: Fixed...

8AI Score

2024-05-23 12:00 AM
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:3307)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3307 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

7.6AI Score

2024-05-23 12:00 AM
1
Total number of security vulnerabilities2540414