Total
78089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43247 | 2024-08-19 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5. | |||||
| CVE-2024-7813 | 1 Prison Management System Project | 1 Prison Management System | 2024-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7810 | 1 Tamparongj 03 | 1 Online Graduate Tracer System | 2024-08-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7750 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicine_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7754 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/check_medicine_name.php. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7751 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7753 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6451 | 2024-08-19 | N/A | 7.2 HIGH | ||
| AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php. | |||||
| CVE-2024-6358 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | |||||
| CVE-2024-6357 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 8.8 HIGH |
| Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | |||||
| CVE-2024-7009 | 1 Calibre-ebook | 1 Calibre | 2024-08-19 | N/A | 7.1 HIGH |
| Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. | |||||
| CVE-2024-6781 | 1 Calibre-ebook | 1 Calibre | 2024-08-19 | N/A | 7.5 HIGH |
| Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. | |||||
| CVE-2024-28962 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-08-19 | N/A | 7.5 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-7800 | 1 Oretnom23 | 1 Simple Online Bidding System | 2024-08-19 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7497 | 1 Angeljudesuarez | 1 Airline Reservation System | 2024-08-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623. | |||||
| CVE-2024-7496 | 1 Angeljudesuarez | 1 Airline Reservation System | 2024-08-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273622 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7799 | 1 Oretnom23 | 1 Simple Online Bidding System | 2024-08-19 | 5.0 MEDIUM | 7.3 HIGH |
| A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-39388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-39390 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-39391 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||