Vulnerabilities (CVE)

Total 79717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42630 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
CVE-2024-42626 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
CVE-2024-7399 1 Samsung 1 Magicinfo 9 Server 2024-08-13 N/A 7.5 HIGH
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
CVE-2024-37129 1 Dell 1 Inventory Collector 2024-08-13 N/A 7.8 HIGH
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.
CVE-2022-4002 1 Motorola 2 Q14, Q14 Firmware 2024-08-13 N/A 7.2 HIGH
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2024-7272 1 Ffmpeg 1 Ffmpeg 2024-08-13 7.5 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-1577 1 Lenovo 1 Drivers Management 2024-08-13 N/A 7.8 HIGH
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.
CVE-2019-6198 1 Lenovo 1 Pcmanager 2024-08-13 N/A 7.8 HIGH
A vulnerability was reported in Lenovo PC Manager prior to versionĀ 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVE-2019-6197 1 Lenovo 1 Pcmanager 2024-08-13 N/A 7.8 HIGH
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVE-2024-7308 1 Oretnom23 1 Establishment Billing Management System 2024-08-13 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200.
CVE-2024-7307 1 Oretnom23 1 Establishment Billing Management System 2024-08-13 6.5 MEDIUM 8.8 HIGH
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199.
CVE-2024-7290 1 Oretnom23 1 Establishment Billing Management System 2024-08-13 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.
CVE-2024-7289 1 Oretnom23 1 Establishment Billing Management System 2024-08-13 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability.
CVE-2024-43213 2024-08-13 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.
CVE-2024-37935 2024-08-13 N/A 7.5 HIGH
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
CVE-2024-43233 2024-08-13 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
CVE-2024-38747 2024-08-13 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
CVE-2024-38724 2024-08-13 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
CVE-2024-43163 2024-08-13 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.
CVE-2024-43127 2024-08-13 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11.