Total
298771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9350 | 1 Dpd | 1 Dpd Baltic Shipping | 2024-10-29 | N/A | 6.1 MEDIUM |
| The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9593 | 1 Wpplugin | 1 Time Clock | 2024-10-29 | N/A | 8.3 HIGH |
| The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified. | |||||
| CVE-2024-10425 | 1 Projectworlds | 1 Student Project Allocation System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10423 | 1 Projectworlds | 1 Student Project Allocation System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10424 | 1 Projectworlds | 1 Student Project Allocation System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43885 | 2024-10-29 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2024-10418 | 1 Fabianros | 1 Blood Bank Management System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10419 | 1 Fabianros | 1 Blood Bank Management System | 2024-10-29 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10420 | 1 Nurhodelta17 | 1 Attendance And Payroll System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10421 | 1 Nurhodelta17 | 1 Attendance And Payroll System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10422 | 1 Nurhodelta17 | 1 Attendance And Payroll System | 2024-10-29 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47022 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | N/A | 7.5 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656. | |||||
| CVE-2024-47021 | 1 Google | 1 Android | 2024-10-28 | N/A | 7.5 HIGH |
| In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-47020 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | N/A | 7.5 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488. | |||||
| CVE-2024-41911 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-10-28 | N/A | 5.4 MEDIUM |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | |||||
| CVE-2024-41517 | 1 Mecodia | 1 Feripro | 2024-10-28 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges. | |||||
| CVE-2024-40096 | 1 Rd Labs Llc | 1 Who | 2024-10-28 | N/A | 3.3 LOW |
| The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log. | |||||
| CVE-2024-39771 | 1 Safie | 4 Qbic Cloud Cc-2\/2l, Qbic Cloud Cc-2\/2l Firmware, Safie One and 1 more | 2024-10-28 | N/A | 6.8 MEDIUM |
| QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | |||||
| CVE-2024-36811 | 2024-10-28 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2024-6720 | 1 Dmytropopov | 1 Light Poll | 2024-10-28 | N/A | 8.8 HIGH |
| The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||