Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-24308 |
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. Published: February 09, 2024; 3:15:08 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-50026 |
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). Published: February 09, 2024; 3:15:08 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46350 |
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. Published: February 09, 2024; 3:15:08 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-49716 |
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. Published: February 08, 2024; 11:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46687 |
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. Published: February 08, 2024; 11:15:07 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-43609 |
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. Published: February 08, 2024; 11:15:07 PM -0500 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2024-1353 |
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. Published: February 08, 2024; 8:15:09 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-47132 |
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. Published: February 08, 2024; 6:15:09 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24393 |
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. Published: February 08, 2024; 5:15:09 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-40266 |
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. Published: February 08, 2024; 5:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24499 |
SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component. Published: February 08, 2024; 4:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24498 |
Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component. Published: February 08, 2024; 4:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24497 |
SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components. Published: February 08, 2024; 4:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24496 |
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. Published: February 08, 2024; 4:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24495 |
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. Published: February 08, 2024; 4:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-22836 |
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. Published: February 08, 2024; 3:15:52 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-0242 |
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. Published: February 08, 2024; 3:15:52 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24321 |
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. Published: February 08, 2024; 1:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-24213 |
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected. Published: February 08, 2024; 1:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-50061 |
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). Published: February 08, 2024; 1:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |