Total
27033 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8630 | 1 Alisonic | 2 Sibylla, Sibylla Firmware | 2024-10-16 | N/A | 9.8 CRITICAL |
| Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | |||||
| CVE-2024-48787 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48786 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48784 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48778 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48772 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48769 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | |||||
| CVE-2024-9974 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-10-15 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9973 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-10-15 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9813 | 1 Codezips | 1 Pharmacy Management System | 2024-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9812 | 1 Code-projects | 1 Crud Operation System | 2024-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9811 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9794 | 1 Codezips | 1 Online Shopping Portal | 2024-10-15 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9796 | 1 Internet-formation | 1 Wp-advanced-search | 2024-10-15 | N/A | 9.8 CRITICAL |
| The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | |||||
| CVE-2024-42640 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-46045 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | N/A | 9.8 CRITICAL |
| Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | |||||
| CVE-2024-9518 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 9.8 CRITICAL |
| The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | |||||
| CVE-2024-46088 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-9234 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins. | |||||
| CVE-2024-47875 | 2024-10-15 | N/A | 10.0 CRITICAL | ||
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. | |||||