Total
299145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10502 | 1 Esafenet | 1 Cdg | 2024-11-06 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directoryId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10501 | 1 Esafenet | 1 Cdg | 2024-11-06 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9109 | 1 Octolize | 1 Woocommerce Ups Shipping | 2024-11-06 | N/A | 4.3 MEDIUM |
| The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key. | |||||
| CVE-2024-47158 | 1 Neumann | 1 N-line | 2024-11-06 | N/A | 5.4 MEDIUM |
| N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website. | |||||
| CVE-2024-45785 | 1 Neumann | 1 Musasi | 2024-11-06 | N/A | 7.5 HIGH |
| MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved. | |||||
| CVE-2024-50526 | 1 Lindeni | 1 Multi Purpose Mail Form | 2024-11-06 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | |||||
| CVE-2024-50527 | 1 Stacksmarket | 1 Stacks Mobile App Builder | 2024-11-06 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | |||||
| CVE-2024-50528 | 1 Stacksmarket | 1 Stacks Mobile App Builder | 2024-11-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | |||||
| CVE-2024-50529 | 1 Rudrainnovative | 1 Training - Courses | 2024-11-06 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1. | |||||
| CVE-2024-43924 | 1 Dfactory | 1 Responsive Lightbox | 2024-11-06 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | |||||
| CVE-2024-50530 | 1 Myriadsolutionz | 1 Stars Smtp Mailer | 2024-11-06 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7. | |||||
| CVE-2024-5764 | 1 Sonatype | 1 Nexus | 2024-11-06 | N/A | 6.5 MEDIUM |
| Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated. This issue affects Nexus Repository: from 3.0.0 through 3.72.0. | |||||
| CVE-2024-10505 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-06 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-31305 | 2024-11-06 | N/A | 1.9 LOW | ||
| Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure. | |||||
| CVE-2024-50531 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-06 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4. | |||||
| CVE-2024-10597 | 1 Esafenet | 1 Cdg | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9686 | 1 Choplugins | 1 Order Notification For Telegram | 2024-11-06 | N/A | 5.3 MEDIUM |
| The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings. | |||||
| CVE-2024-10372 | 1 Chidiwilliams | 1 Buzz | 2024-11-06 | 3.5 LOW | 3.6 LOW |
| A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10148 | 1 Sohelwpexpert | 1 Awesome Buttons | 2024-11-06 | N/A | 5.4 MEDIUM |
| The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-10011 | 1 Buddypress | 1 Buddypress | 2024-11-06 | N/A | 8.1 HIGH |
| The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows. | |||||