Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-33300 |
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. Published: May 01, 2024; 3:15:26 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33292 |
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. Published: May 01, 2024; 3:15:26 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29011 |
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-26504 |
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25458 |
An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25355 |
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24313 |
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24312 |
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22830 |
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level. Published: May 01, 2024; 3:15:22 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-26793 |
libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c. Published: May 01, 2024; 3:15:21 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-23022 |
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. Published: May 01, 2024; 3:15:21 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-23021 |
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. Published: May 01, 2024; 3:15:21 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-23019 |
Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.\ Published: May 01, 2024; 3:15:20 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33442 |
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. Published: May 01, 2024; 2:15:24 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33078 |
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. Published: May 01, 2024; 2:15:24 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32213 |
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed. Published: May 01, 2024; 2:15:24 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32212 |
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. Published: May 01, 2024; 2:15:24 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32211 |
An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components. Published: May 01, 2024; 2:15:23 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32210 |
The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. Published: May 01, 2024; 2:15:23 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30176 |
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. Published: May 01, 2024; 2:15:19 PM -0400 |
V3.x:(not available) V2.0:(not available) |