Total
88315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45872 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | N/A | 6.3 MEDIUM |
| Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | |||||
| CVE-2024-46077 | 1 Mayurik | 1 Online Tours And Travels Management System | 2025-04-28 | N/A | 5.4 MEDIUM |
| itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | |||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-33867 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 4.8 MEDIUM |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | |||||
| CVE-2024-33866 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | |||||
| CVE-2024-33864 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.9 MEDIUM |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | |||||
| CVE-2024-9036 | 1 Angeljudesuarez | 1 Online Book Store Project | 2025-04-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | |||||
| CVE-2024-46083 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. | |||||
| CVE-2024-46079 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 6.1 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. | |||||
| CVE-2024-46081 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. | |||||
| CVE-2024-55514 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2025-04-28 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | |||||
| CVE-2024-29507 | 1 Artifex | 1 Ghostscript | 2025-04-28 | N/A | 5.4 MEDIUM |
| Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. | |||||
| CVE-2024-29510 | 1 Artifex | 1 Ghostscript | 2025-04-28 | N/A | 6.3 MEDIUM |
| Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | |||||
| CVE-2024-39843 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 6.7 MEDIUM |
| A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. | |||||
| CVE-2024-35362 | 1 Shopex | 1 Ecshop | 2025-04-28 | N/A | 5.4 MEDIUM |
| Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. | |||||
| CVE-2024-20368 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | |||||
| CVE-2024-20532 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 5.5 MEDIUM |
| A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system. | |||||
| CVE-2024-20529 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 5.5 MEDIUM |
| A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system. | |||||
| CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||