Total
27022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45682 | 1 Millbeck | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-09-27 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |||||
| CVE-2024-43366 | 1 Matter-labs | 1 Zkvyper | 2024-09-27 | N/A | 9.1 CRITICAL |
| zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3. Upgrading and redeploying affected contracts is the only way to avoid the vulnerability. | |||||
| CVE-2024-7854 | 1 Sjhoo | 1 Woo Inquiry | 2024-09-27 | N/A | 9.8 CRITICAL |
| The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-9091 | 1 Code-projects | 1 Student Record System | 2024-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9090 | 1 Mayurik | 1 Modern Loan Management System | 2024-09-27 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of the argument searchMember leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9085 | 1 Code-projects | 1 Restaurant Reservation System | 2024-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions sid as affected paramater which is incorrect. | |||||
| CVE-2024-9038 | 1 Codezips | 1 Online Shopping Portal | 2024-09-27 | 4.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9039 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9094 | 1 Code-projects | 1 Blood Bank System | 2024-09-27 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-0002 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 9.8 CRITICAL |
| A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | |||||
| CVE-2024-0001 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 9.8 CRITICAL |
| A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | |||||
| CVE-2024-47088 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts. | |||||
| CVE-2024-7493 | 1 Wpcom | 1 Wpcom Member | 2024-09-26 | N/A | 9.8 CRITICAL |
| The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration. | |||||
| CVE-2024-8624 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2024-09-26 | N/A | 9.9 CRITICAL |
| The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-8671 | 1 Exthemes | 1 Wooevents | 2024-09-26 | N/A | 9.1 CRITICAL |
| The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2024-9080 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9079 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9078 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8791 | 1 Wpcharitable | 1 Charitable | 2024-09-26 | N/A | 9.8 CRITICAL |
| The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts. | |||||
| CVE-2024-46957 | 2024-09-26 | N/A | 9.8 CRITICAL | ||
| Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | |||||