Export limit exceeded: 357074 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357074 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1682 | 1 Psf | 1 Psf-requests | 2024-11-18 | 4.3 Medium |
| An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks. | ||||
| CVE-2024-3379 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-18 | 9.6 Critical |
| In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7. | ||||
| CVE-2024-50972 | 2 Angeljudesuarez, Itsourcecode | 2 Construction Management System, Construction Management System | 2024-11-18 | 6.5 Medium |
| A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. | ||||
| CVE-2024-50971 | 2 Angeljudesuarez, Itsourcecode | 2 Construction Management System, Construction Management System | 2024-11-18 | 6.5 Medium |
| A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. | ||||
| CVE-2024-50970 | 2 Itsourcecode, Nikoarroyocuraza | 2 Online Furniture Shopping Project, Online Furniture Shopping Project | 2024-11-18 | 6.5 Medium |
| A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-11102 | 2 Mayurik, Sourcecodester | 2 Hospital Management System, Online Hospital Management System | 2024-11-18 | 3.5 Low |
| A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2020-26063 | 1 Cisco | 1 Unified Computing System | 2024-11-18 | 5.4 Medium |
| A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | ||||
| CVE-2024-48837 | 1 Dell | 1 Smartfabric Os10 | 2024-11-18 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | ||||
| CVE-2021-27701 | 2024-11-18 | 4.7 Medium | ||
| SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request. | ||||
| CVE-2021-27700 | 2024-11-18 | 7.6 High | ||
| SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc. | ||||
| CVE-2024-42676 | 2 Isellerpal, Shenzhen Huizhi Software Development | 2 Enterprise Resource Management System, Enterprise Resource Management System | 2024-11-18 | 8.8 High |
| File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component | ||||
| CVE-2024-11021 | 1 Vice | 1 Webopac | 2024-11-18 | 5.4 Medium |
| Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. | ||||
| CVE-2024-11020 | 1 Vice | 1 Webopac | 2024-11-18 | 9.8 Critical |
| Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-11019 | 1 Vice | 1 Webopac | 2024-11-18 | 6.1 Medium |
| Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques. | ||||
| CVE-2024-11018 | 1 Vice | 1 Webopac | 2024-11-18 | 9.8 Critical |
| Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. | ||||
| CVE-2024-11101 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 4.7 Medium |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1419 | 1 Redhat | 2 Debezium, Integration | 2024-11-18 | 5.9 Medium |
| A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. | ||||
| CVE-2024-11100 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 7.3 High |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11017 | 1 Vice | 1 Webopac | 2024-11-18 | 8.8 High |
| Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. | ||||
| CVE-2024-49521 | 1 Adobe | 2 Commerce, Magento | 2024-11-18 | 7.7 High |
| Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | ||||