Total
26973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8415 | 1 Oretnom23 | 1 Food Ordering Management System | 2024-09-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /routers/add-ticket.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8416 | 1 Oretnom23 | 1 Food Ordering Management System | 2024-09-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43248 | 1 Bitapps | 1 Bit Form | 2024-09-06 | N/A | 9.1 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4. | |||||
| CVE-2024-42256 | 1 Linux | 1 Linux Kernel | 2024-09-06 | N/A | 9.8 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting. Fix this by just removing the repick code in smb2_async_writev(). As this is only called from netfslib-driven code, cifs_prepare_write() should always have been called first, and so server should never be NULL and the preparatory step is repeated in the event that we do a retry. The problem manifests as a warning looking something like: WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs] ... RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs] ... smb2_writev_callback+0x334/0x560 [cifs] cifs_demultiplex_thread+0x77a/0x11b0 [cifs] kthread+0x187/0x1d0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Which may be triggered by a number of different xfstests running against an Azure server in multichannel mode. generic/249 seems the most repeatable, but generic/215, generic/249 and generic/308 may also show it. | |||||
| CVE-2024-45443 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 9.1 CRITICAL |
| Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2024-44727 | 1 Angeljudesuarez | 1 Event Management System | 2024-09-06 | N/A | 9.8 CRITICAL |
| Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | |||||
| CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | N/A | 9.1 CRITICAL |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. | |||||
| CVE-2024-36068 | 1 Rubrik | 1 Cloud Data Management | 2024-09-05 | N/A | 9.8 CRITICAL |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | |||||
| CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | N/A | 9.8 CRITICAL |
| SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | |||||
| CVE-2024-45265 | 1 Skyss | 1 Arfa-cms | 2024-09-05 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | |||||
| CVE-2024-8289 | 1 Multivendorx | 1 Multivendorx | 2024-09-05 | N/A | 9.8 CRITICAL |
| The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role. | |||||
| CVE-2024-42458 | 1 Any1 | 1 Neatvnc | 2024-09-05 | N/A | 9.8 CRITICAL |
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | |||||
| CVE-2024-8408 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2024-09-05 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7076 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-7078 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
| CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | N/A | 9.6 CRITICAL |
| Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | |||||
| CVE-2024-34657 | 1 Samsung | 1 Notes | 2024-09-05 | N/A | 9.8 CRITICAL |
| Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. | |||||
| CVE-2024-44808 | 2024-09-05 | N/A | 9.8 CRITICAL | ||
| An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. | |||||
| CVE-2024-43360 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. | |||||