Search Results
- Results Type: Overview
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29133 | Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. Published: March 21, 2024; 5:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29131 | Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. Published: March 21, 2024; 5:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1148 | Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. Published: March 21, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1147 | Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. Published: March 21, 2024; 4:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2754 | A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544. Published: March 21, 2024; 3:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2162 | An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227. Published: March 21, 2024; 2:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2161 | Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227. Published: March 21, 2024; 2:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28835 | A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Published: March 21, 2024; 2:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29864 | Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29862 | The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29859 | In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29858 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28635 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22724 | An issue was discovered in osCommerce v4 that allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1538 | The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-48903 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" in uploadCarImages.php. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-48902 | An issue was discovered in tramyardg autoexpress version 1.3.0 that allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. Published: March 21, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-48901 | A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php. Published: March 21, 2024; 12:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2713 | A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability. Published: March 20, 2024; 10:52:43 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2712 | A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability. Published: March 20, 2024; 10:52:43 PM -0400 | V3.x:(not available) V2.0:(not available) |