2494 matches found

Vulnrichment
added 2024/10/10 6:31 p.m., 8 views

CVE-2024-9806 Craig Rodway Classroombookings Room Page fields cross site scripting

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiate...

CVSS 5.3, AI score 3.9, EPSS 0.0042
Exploits 1, References 4

NVD
added 2024/10/10 6:15 p.m., 20 views

CVE-2024-9804

A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has...

CVSS 5.8, EPSS 0.00446
Exploits 1, References 5

Cvelist
added 2024/10/10 6:0 p.m., 24 views

CVE-2024-9805 code-projects Blood Bank System campsdetails.php cross site scripting

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be...

CVSS 5.3, EPSS 0.00402
Exploits 1, References 5

Github Security Blog
added 2024/10/09 9:31 p.m., 23 views

open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 7.2, AI score 7.8, EPSS 0.01032
Exploits 1, References 4, Affected Software 1

CVE
added 2024/10/09 5:4 p.m., 551 views

CVE-2024-9465

Summary: CVE-2024-9465 is an unauthenticated SQL injection in Palo Alto Networks Expedition that can disclose database contents (password hashes, usernames, device configurations, API keys) and allow creation/read of arbitrary files via the CHECKPOINT.php endpoint. Multiple connected sources corr...

CVSS 9.2, AI score 9.8, EPSS 0.99597
In wild, Exploits 3, References 3, Affected Software 1

ATTACKERKB
added 2024/10/09 12:0 a.m., 23 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

CVSS 9.2, AI score 8.1, EPSS 0.99597
In wild, Exploits 3, References 3

CVE
added 2024/10/08 8:40 a.m., 47 views

CVE-2024-47563

Siemens SINEC Security Monitor (all versions

CVSS 6.9, AI score 5.7, EPSS 0.00537
Exploits 0, References 1, Affected Software 1

NVD
added 2024/10/02 5:15 p.m., 16 views

CVE-2024-20438

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

CVSS 6.3, EPSS 0.00353
Exploits 0, References 1

CVE
added 2024/10/02 4:55 p.m., 80 views

CVE-2024-20477

Cisco CVE-2024-20477 concerns an unauthorized REST API endpoint in Cisco Nexus Dashboard Fabric Controller (NDFC). An authenticated, low-privilege, remote attacker could bypass authorization on this endpoint and upload files into a specific container or delete files from a folder within that cont...

CVSS 5.4, AI score 5.4, EPSS 0.00456
Exploits 0, References 1, Affected Software 2

Vulnrichment
added 2024/10/02 4:53 p.m., 14 views

CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

CVSS 6.3, AI score 6.7, EPSS 0.00353
Exploits 0, References 1

CNNVD
added 2024/10/01 12:0 a.m., 2 views

Infinera Transcend Network Management System security vulnerability

Infinera Transcend Network Management System (Infinera TNMS) is a powerful element, network, and service management system from Infinera USA. A security vulnerability exists in Infinera Transcend Network Management System version 19.10.3, which stems from a WebDAV service that allows a low-privileg...

CVSS 9, AI score 6.8, EPSS 0.00535
Exploits 0, References 2

Vulnrichment
added 2024/09/29 7:31 a.m., 10 views

CVE-2024-9325 Intelbras InControl incontrol-service-watchdog.exe unquoted search path

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files x86\Intelbras\Incontrol Cliente\incontrolwebcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to...

CVSS 8.5, AI score 7.6, EPSS 0.00333
Exploits 1, References 5

CVE
added 2024/09/29 12:31 a.m., 40 views

CVE-2024-9321

CVE-2024-9321 affects SourceCodester Online Railway Reservation System 1.0. The vulnerability is in the /admin/inquiries/view_details.php page where manipulating the id parameter leads to improper access controls, with remote exploitation possible. According to the supplied sources, the issue has...

CVSS 6.9, AI score 5.4, EPSS 0.00595
Exploits 1, References 5, Affected Software 1

NVD
added 2024/09/28 2:15 p.m., 12 views

CVE-2024-9299

A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate th...

CVSS 5.4, EPSS 0.0044
Exploits 1, References 5

NVD
added 2024/09/22 9:15 a.m., 22 views

CVE-2024-9083

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1, EPSS 0.00407
Exploits 1, References 5

Cvelist
added 2024/09/21 4:20 a.m., 22 views

CVE-2024-6787 MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially...

CVSS 6, EPSS 0.00266
Exploits 0, References 2

Cvelist
added 2024/09/20 3:31 p.m., 14 views

CVE-2024-9036 itsourcecode Online Bookstore admin_add.php unrestricted upload

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, EPSS 0.00476
Exploits 1, References 5

Cvelist
added 2024/09/20 3:0 p.m., 27 views

CVE-2024-9035 code-projects Blood Bank Management System Admin Login login.php sql injection

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to...

CVSS 7.5, EPSS 0.00613
Exploits 1, References 5

Vulnrichment
added 2024/09/20 12:0 p.m., 9 views

CVE-2024-9031 CodeCanyon CRMGo SaaS show cross site scripting

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/taskid/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.3, AI score 6.2, EPSS 0.00321
Exploits 0, References 4

NVD
added 2024/09/15 1:15 a.m., 23 views

CVE-2024-8865

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used...

CVSS 5.1, EPSS 0.00863
Exploits 1, References 4