Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29316 | NodeBB 3.6.7 is vulnerable to Incorrect Access Control. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28714 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28456 | Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24407 | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-50969 | Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-33528 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2021-31156 | Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. Published: March 28, 2024; 7:15:45 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-25341 | A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. Published: March 28, 2024; 6:15:09 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23727 | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. Published: March 28, 2024; 5:16:01 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28091 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion). Published: March 28, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28090 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Published: March 28, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25506 | Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. Published: March 28, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3019 | A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer. Published: March 28, 2024; 3:15:49 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31065 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. Published: March 28, 2024; 3:15:49 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31064 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. Published: March 28, 2024; 3:15:49 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31063 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. Published: March 28, 2024; 3:15:49 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31062 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. Published: March 28, 2024; 3:15:48 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31061 | Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. Published: March 28, 2024; 3:15:48 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2947 | A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. Published: March 28, 2024; 3:15:48 PM -0400 | V3.x:(not available) V2.0:(not available) |