Lucene search
K

5655 matches found

CVE
CVE
added 2024/12/29 8:31 a.m.59 views

CVE-2024-13007

CVE-2024-13007 affects Codezips Event Management System 1.0, where an SQL injection can be triggered in the /contact.php file by manipulating the title argument. The vulnerability is network-exploitable and allows remote access with no user interaction required, as described in multiple sources. ...

9.8CVSS6.8AI score0.00687EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/12/29 8:15 a.m.23 views

CVE-2024-13006

A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely...

9.8CVSS0.00691EPSS
Exploits1References5
NVD
NVD
added 2024/12/29 7:15 a.m.18 views

CVE-2024-13004

A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS0.00735EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/12/26 10:31 p.m.20 views

CVE-2024-12969 code-projects Hospital Management System Login index.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. T...

7.5CVSS0.00607EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/12/25 11:31 p.m.26 views

CVE-2024-12928 code-projects Simple Admin Panel sql injection

A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument cname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may b...

6.5CVSS0.00387EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/12/25 1:45 p.m.22 views

Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices,"...

9.3CVSS10AI score0.00677EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/22 6:31 a.m.10 views

CVE-2024-12891 code-projects Online Exam Mastering System account.php sql injection

A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit h...

6.5CVSS7.4AI score0.00508EPSS
Exploits1References5
CVE
CVE
added 2024/12/21 2:0 p.m.67 views

CVE-2024-12884

CVE-2024-12884 affects Codezips E-Commerce Website 1.0. The vulnerability is an SQL injection in the login.php function triggered by manipulating the email parameter, allowing remote exploitation. Multiple connected sources corroborate the issue and describe it as critical, with exploitation disc...

9.8CVSS7.4AI score0.0077EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/12/21 2:0 p.m.18 views

CVE-2024-12884 Codezips E-Commerce Website login.php sql injection

A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS0.0077EPSS
Exploits1References4
OSV
OSV
added 2024/12/20 9:30 p.m.12 views

GHSA-MMX8-VRFG-HFMQ Piranha CMS Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...

4.7CVSS4.8AI score0.00435EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/12/20 12:0 a.m.8 views

The vulnerability of the operating system for managing Synology Router Manager allows for cross-site scripting attacks, as a lack of security measures has been taken to protect the website structure. This vulnerability enables attackers to carry out cross-site scripting attacks.

The vulnerability of the Synology Router Manager operating system for managing network devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.5CVSS5.2AI score0.00255EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.4 views

The vulnerability of the Ucum library in the Java programming language, which allows attackers to perform XXE attacks

The vulnerability of the Ucum library for the Java programming language is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

8.6CVSS7.5AI score0.00539EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/12/18 12:31 a.m.14 views

GHSA-PX38-239G-X5MG Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5AI score0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/16 8:0 p.m.14 views

CVE-2024-12666 ClassCMS User Management Page admin insufficient privileges

A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The...

5.8CVSS0.00487EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/16 7:31 p.m.22 views

CVE-2024-12665 ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS0.00414EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.17 views

Liferay Portal 7.3.2 < 7.4.3.108 CSRF

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

8.8CVSS6AI score0.00342EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/12/12 8:0 p.m.23 views

Important: Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

7.5CVSS6.9AI score0.14718EPSS
Exploits2References10
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.3 views

The vulnerability in the web interface of the Cisco Secure Firewall Management Center software (formerly known as Cisco Firepower Management Center) allows a attacker to carry out XSS attacks.

The vulnerability in the web interface of the Cisco Secure Firewall Management Center formerly known as Cisco Firepower Management Center exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS...

6.4CVSS5.4AI score0.00347EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.6 views

The vulnerability of the web client VPN microprogramming system for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the VPN web client microprogramming software for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...

6.4CVSS5.2AI score0.00412EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.4 views

PT-2024-17502

Name of the Vulnerable Software and Affected Versions Shenzhen Dashi Tongzhou Information Technology AgileBPM version 1.0.0 Description A critical issue has been found, affecting the doFilter function of the AuthorizationTokenCheckFilter.java file. This leads to improper access controls, allowing...

8.8CVSS6.3AI score0.00572EPSS
Exploits1References8
Rows per page
Query Builder