Total
27348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7375 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0. This issue affects some unknown processing of the file /my_quiz_result.php. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273359. | |||||
| CVE-2024-7376 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360. | |||||
| CVE-2024-7377 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability. | |||||
| CVE-2024-7378 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7582 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7583 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41237 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | |||||
| CVE-2024-34480 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2024-08-08 | N/A | 9.8 CRITICAL |
| SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | |||||
| CVE-2024-34479 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2024-08-08 | N/A | 9.8 CRITICAL |
| SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | |||||
| CVE-2024-7279 | 1 Oretnom23 | 1 Lot Reservation Management System | 2024-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148. | |||||
| CVE-2024-7280 | 1 Oretnom23 | 1 Lot Reservation Management System | 2024-08-08 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/view_reserved.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273149 was assigned to this vulnerability. | |||||
| CVE-2024-7281 | 1 Oretnom23 | 1 Lot Reservation Management System | 2024-08-08 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7282 | 1 Oretnom23 | 1 Lot Reservation Management System | 2024-08-08 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/manage_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273151. | |||||
| CVE-2024-7350 | 2024-08-08 | N/A | 9.8 CRITICAL | ||
| The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled. | |||||
| CVE-2024-23483 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 9.8 CRITICAL |
| An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | |||||
| CVE-2024-7440 | 1 Vivotek | 2 Cc8160, Cc8160 Firmware | 2024-08-07 | 6.5 MEDIUM | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | |||||
| CVE-2024-41616 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
| D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | |||||
| CVE-2024-7580 | 1 Alientechnology | 2 Alr-f800, Alr-f800 Firmware | 2024-08-07 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7581 | 1 Tendacn | 2 A301, A301 Firmware | 2024-08-07 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7369 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273353 was assigned to this vulnerability. | |||||