Total
99675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | |||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | |||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'. | |||||
| CVE-2024-33977 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'. | |||||
| CVE-2024-33976 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'. | |||||
| CVE-2024-33975 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'. | |||||
| CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34135 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34136 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34137 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34138 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-08-15 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-7715 | 2024-08-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-4187 | 1 Opentext | 1 Filr | 2024-08-15 | N/A | 5.4 MEDIUM |
| Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. | |||||
| CVE-2024-41955 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-15 | N/A | 5.4 MEDIUM |
| Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5. | |||||
| CVE-2024-33981 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'. | |||||
| CVE-2024-33980 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'. | |||||
| CVE-2024-33979 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'. | |||||
| CVE-2024-40484 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. | |||||
| CVE-2024-40481 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. | |||||
| CVE-2024-40474 | 1 Mayurik | 1 Best House Rental Management System | 2024-08-15 | N/A | 5.4 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. | |||||