Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-31822 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31821 | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31820 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31705 | An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28320 | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-52080 | IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with, a crash may occur. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-51254 | Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. Published: April 29, 2024; 2:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33449 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33445 | An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33444 | SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32493 | An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32492 | An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32491 | An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32269 | An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31621 | An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. Published: April 29, 2024; 1:15:19 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-34020 | A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. Published: April 29, 2024; 12:15:35 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-34011 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. Published: April 29, 2024; 12:15:35 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-34010 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. Published: April 29, 2024; 12:15:35 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-32268 | An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component. Published: April 29, 2024; 12:15:35 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23995 | Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. Published: April 29, 2024; 12:15:35 PM -0400 | V3.x:(not available) V2.0:(not available) |