Total
94117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | |||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | |||||
| CVE-2024-33985 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'. | |||||
| CVE-2024-33986 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'. | |||||
| CVE-2024-33987 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'. | |||||
| CVE-2024-33988 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'. | |||||
| CVE-2024-33984 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'. | |||||
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | |||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | |||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'. | |||||
| CVE-2024-33977 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'. | |||||
| CVE-2024-33976 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'. | |||||
| CVE-2024-33975 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'. | |||||
| CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34135 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34136 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34137 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34138 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-7715 | 2024-08-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-4187 | 1 Opentext | 1 Filr | 2024-08-15 | N/A | 5.4 MEDIUM |
| Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. | |||||