The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2024-10841 - A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler. The manipulation of the argument Name leads to... read CVE-2024-10841
Published: November 05, 2024; 9:15:14 AM -0500V3.1: 8.0 HIGH
-
CVE-2024-10840 - A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting... read CVE-2024-10840
Published: November 05, 2024; 8:15:03 AM -0500V3.1: 4.8 MEDIUM
-
CVE-2024-10842 - A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the arg... read CVE-2024-10842
Published: November 05, 2024; 9:15:14 AM -0500V3.1: 4.8 MEDIUM
-
CVE-2024-10844 - A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initia... read CVE-2024-10844
Published: November 05, 2024; 10:15:22 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-10845 - A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack... read CVE-2024-10845
Published: November 05, 2024; 10:15:22 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-30122 - HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these h... read CVE-2024-30122
Published: October 23, 2024; 11:15:30 AM -0400V3.1: 5.3 MEDIUM
-
CVE-2024-49370 - Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior... read CVE-2024-49370
Published: October 23, 2024; 11:15:31 AM -0400V3.1: 4.9 MEDIUM
-
CVE-2024-49675 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1.
Published: October 23, 2024; 11:15:32 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-47253 - In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability c... read CVE-2024-47253
Published: November 05, 2024; 5:20:03 AM -0500V3.1: 7.2 HIGH
-
CVE-2024-47255 - In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.
Published: November 05, 2024; 5:20:05 AM -0500V3.1: 7.8 HIGH
-
CVE-2024-47254 - In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.
Published: November 05, 2024; 5:20:04 AM -0500V3.1: 7.2 HIGH
-
CVE-2024-51683 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Custom post type templates for Elementor allows Stored XSS.This issue affects Custom post type templates for Elementor: fr... read CVE-2024-51683
Published: November 04, 2024; 10:15:24 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51682 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for... read CVE-2024-51682
Published: November 04, 2024; 10:15:23 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51681 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Stored XSS.This issue affects WP Pocket URLs: from n/a through 1.0.3.
Published: November 04, 2024; 10:15:23 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51680 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CrestaProject – Rizzo Andrea Cresta Addons for Elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a throug... read CVE-2024-51680
Published: November 04, 2024; 10:15:23 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51678 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode allows Stored XSS.This issue affects Elo Rating Shortcode: from n/a through 1.0.3.
Published: November 04, 2024; 10:15:23 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51677 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS.This issue affects Knowledge Base: from n/a through 2.2.0.
Published: November 04, 2024; 10:15:22 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-51626 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1.
Published: November 04, 2024; 10:15:22 AM -0500V3.1: 8.8 HIGH
-
CVE-2024-51672 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1.7.
Published: November 04, 2024; 9:15:17 AM -0500V3.1: 7.2 HIGH
-
CVE-2024-51665 - Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
Published: November 04, 2024; 9:15:16 AM -0500V3.1: 4.3 MEDIUM