
2494 matches found

RedhatCVE
added 2025/02/05 12:46 p.m. | 5 views

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

9 CVSS | 7.3 AI score | 0.0066 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:36 p.m. | 9 views

CVE-2024-43955

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...

10 CVSS | 5.2 AI score | 0.00604 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:4 p.m. | 16 views

CVE-2024-7682

A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rwinat.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the publ...

9.8 CVSS | 7.3 AI score | 0.00655 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 12:2 p.m. | 6 views

CVE-2024-7196

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to SQL injection. The attack...

9.8 CVSS | 7.3 AI score | 0.00581 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 11:49 a.m. | 10 views

CVE-2024-7927

A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin leads to path traversal. The attack can be launched remotely. The exploit has been...

7.5 CVSS | 6.9 AI score | 0.00932 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 11:15 a.m. | 9 views

CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...

7.8 CVSS | 6.7 AI score | 0.0132 EPSS
Exploits 2 | References 1
RedhatCVE
added 2025/02/05 9:58 a.m. | 7 views

CVE-2024-3322

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

9.8 CVSS | 6.3 AI score | 0.00726 EPSS
Exploits 1 | References 1
OSV
added 2025/02/05 7:30 a.m. | 10 views

BIT-SUPERSET-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

8.8 CVSS | 8.7 AI score | 0.03076 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/02/05 5:21 a.m. | 6 views

CVE-2024-1009

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to SQL injection. The attack may be launched remotely. T...

9.8 CVSS | 9.7 AI score | 0.0076 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 5:10 a.m. | 14 views

CVE-2024-10370

A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to SQL injection. The attack may be launched remotely. The exploit has...

9.8 CVSS | 7.4 AI score | 0.00709 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 1:9 a.m. | 7 views

CVE-2024-46888

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...

9.9 CVSS | 7.5 AI score | 0.00882 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 12:47 a.m. | 6 views

CVE-2024-37928

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0...

8.6 CVSS | 6.8 AI score | 0.00589 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 12:43 a.m. | 4 views

CVE-2024-37497

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Crocoblock JetThemeCore jet-theme-core. This issue affects JetThemeCore: from n/a through 2.2.1...

7.7 CVSS | 5.9 AI score | 0.00676 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:37 a.m. | 5 views

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through 9.9...

9.1 CVSS | 6.8 AI score | 0.00581 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 12:36 a.m. | 3 views

CVE-2024-37932

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4...

8.6 CVSS | 6.8 AI score | 0.00589 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:32 a.m. | 5 views

CVE-2024-31892

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

7.5 CVSS | 6.6 AI score | 0.00319 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:4 a.m. | 6 views

CVE-2024-4679

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation. This issue affects JP1/Extensible SNMP Agent for Windows: from 12-0...

7.8 CVSS | 7.7 AI score | 0.00173 EPSS
Exploits 0
RedhatCVE
added 2025/02/04 11:15 p.m. | 5 views

CVE-2024-39651

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5...

8.6 CVSS | 6.8 AI score | 0.00496 EPSS
Exploits 0
RedhatCVE
added 2025/02/04 10:16 p.m. | 7 views

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...

9.1 CVSS | 6.8 AI score | 0.0059 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/04 10:14 p.m. | 4 views

CVE-2024-35743

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation. This issue affects SC filechecker: from n/a through 0.6...

8.6 CVSS | 6.8 AI score | 0.00605 EPSS
Exploits 0 | References 1