CVE-2024-10994
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edituser.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched...
CVE-2024-10993 Codezips Online Institute Management System manage_website.php unrestricted upload
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument websiteimage leads to unrestricted upload. It is possible to launch the attack remotely...
CVE-2024-10990
A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/viewservice.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10966
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotel...
CVE-2024-10755
PHPGurukul Online Shopping Portal 2.0 contains a cross-site scripting vulnerability in /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php, triggered by manipulation of the scripts argument. The issue allows remote exploitation and is reported as public. The root cause i...
CVE-2024-10747
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/domdatath.php. The manipulation of the argument scripts leads to cross site scripting. The...
CVE-2024-10742
A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclose...
CVE-2024-10701
The CVE-2024-10701 entry affects PHPGurukul Car Rental Portal 1.0. The vulnerability occurs in the /search.php handler via the searchdata parameter, enabling cross-site scripting. It can be triggered remotely, and public exploitation is indicated. Connected documents corroborate the issue with XS...
CVE-2024-10699
Code-projects Wazifa System 1.0 contains a SQL injection in /controllers/logincontrol.php via the username parameter. Root cause: lack of input validation/external SQL handling. Impact: remote attacker could exploit over network, with potential to access/alter data (per CVE records and related ad...
CVE-2024-10698
A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The...
CVE-2024-10617
A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publi...
CVE-2024-10616
The CVE-2024-10616 entry concerns Tongda OA (up to 11.9) with a SQL injection in the saleId parameter of /pda/workflow/webSignSubmit.php. The vulnerability, exploitable remotely, is caused by improper handling of input leading to database query manipulation. Publicly disclosed exploit details are...
CVE-2024-10610
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10609 itsourcecode Tailoring Management System Project typeadd.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-10605
CVE-2024-10605 affects Code-Projects Blood Bank Management System 1.0. The vulnerability is a cross-site request forgery in an unspecified portion of the file /file/request.php. Attack is feasible remotely and exploitation is possible without user privileges, with user interaction required per CV...
CVE-2024-10600
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-10601
The CVE-2024-10601 refers to a SQL injection in Tongda OA 2017 up to 11.10, triggered by manipulating the where_repeat argument in /general/address/private/address/query/delete.php. Affects Tongda OA 2017 versions
CVE-2024-10559
A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function Details. The manipulation of the argument passport/name leads to buffer overflow. The attack needs to be approached locally. The exploit has been...
CVE-2024-10561
The CVE-2024-10561 entry concerns Codezips Pet Shop Management System 1.0. The vulnerability is a SQL injection in the birdsupdate.php file triggered by manipulating the id parameter, with remote exploitation claimed. Multiple sources corroborate a critical impact (high confidentiality, integrity...
CVE-2024-10556
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...