Total: 27069 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-49604 | 1 Najeebmedia | 1 Simple User Registration | 2024-10-23 | N/A | 9.8 CRITICAL |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass. This issue affects Simple User Registration: from n/a through 5.5. | |||||
CVE-2024-41717 | | | 2024-10-23 | N/A | 9.8 CRITICAL |
Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system. | |||||
CVE-2024-40085 | | | 2024-10-23 | N/A | 9.6 CRITICAL |
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | |||||
CVE-2024-48659 | | | 2024-10-23 | N/A | 9.8 CRITICAL |
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. | |||||
CVE-2024-40086 | | | 2024-10-23 | N/A | 9.6 CRITICAL |
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | |||||
CVE-2024-43698 | | | 2024-10-23 | N/A | 9.8 CRITICAL |
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. | |||||
CVE-2024-40083 | | | 2024-10-23 | N/A | 9.6 CRITICAL |
A Buffer Overflow vulnerability in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. | |||||
CVE-2024-44000 | 1 Litespeedtech | 1 Litespeed Cache | 2024-10-23 | N/A | 9.8 CRITICAL |
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. | |||||
CVE-2024-10196 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-47634 | 1 Majas-lapu-izstrade | 1 Cartbounty | 2024-10-22 | N/A | 9.8 CRITICAL |
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. | |||||
CVE-2024-9537 | 1 Sciencelogic | 1 Sl1 | 2024-10-22 | N/A | 9.8 CRITICAL |
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. | |||||
CVE-2024-10154 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10156 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10163 | 1 Oretnom23 | 1 Sentiment Based Movie Rating System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name. | |||||
CVE-2024-10140 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10139 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10137 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10138 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10136 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-38124 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-22 | N/A | 9.0 CRITICAL |
Windows Netlogon Elevation of Privilege Vulnerability |