CVE-2024-1918

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack...

CVE-2024-1830 code-projects Library System lost-password.php sql injection

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched...

CVE-2024-1703

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2024-1702 keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection

A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVE-2024-1661

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

CVE-2024-1267

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file createaccount.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched...

CVE-2024-1260

A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument picurl leads to unrestricted upload. It is possible to...

CVE-2024-1200

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and...

CVE-2024-1194

A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public...

CVE-2024-1186

A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2024-1184

A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploi...

PT-2024-17354 · Armcode · Alienip

Name of the Vulnerable Software and Affected Versions: Armcode AlienIP version 2.41 Description: A vulnerability has been found in the Locate Host Handler component of Armcode AlienIP, which can lead to denial of service. The attack can be launched on the local host. The exploit has been disclose...

CVE-2024-1003

A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-1005

A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been...

CVE-2024-0987

A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The...

PT-2024-1316 · Totolink · Totolink N200Re

Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, where manipulation of the eTime argument leads to a stack-based buffer overflow. This can be...

PT-2024-15940 · Unknown · Flink-Extended Ai-Flow +1

Name of the Vulnerable Software and Affected Versions: flink-extended ai-flow version 0.3.1 Description: A critical issue has been found, affecting the function cloudpickle.loads of the file ai flowclicommandsworkflow command.py. This issue leads to deserialization and can be exploited remotely...

CVE-2024-0943

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...

CVE-2024-0943

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...

CVE-2024-0941

A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier...