Total
299295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32194 | 2024-10-16 | N/A | 7.2 HIGH | ||
| A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | |||||
| CVE-2024-49266 | 2024-10-16 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9. | |||||
| CVE-2024-49245 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0. | |||||
| CVE-2024-9873 | 2024-10-16 | N/A | 5.4 MEDIUM | ||
| The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-7296 | 2024-10-16 | N/A | 6.4 MEDIUM | ||
| The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-47351 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3. | |||||
| CVE-2024-48026 | 2024-10-16 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. | |||||
| CVE-2024-47849 | 1 Mediawiki | 1 Cargo | 2024-10-16 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | |||||
| CVE-2024-47841 | 1 Wikimedia | 1 Wikimedia-extensions-css | 2024-10-16 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | |||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | N/A | 6.5 MEDIUM |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-9803 | 1 Code-projects | 1 Blood Bank System | 2024-10-16 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-9785 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9786 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47657 | 1 Shilpisoft | 1 Net Back Office | 2024-10-16 | N/A | 6.5 MEDIUM |
| This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users. | |||||
| CVE-2024-9910 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9911 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47656 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user accounts. | |||||
| CVE-2024-9912 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9913 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9908 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 5.2 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. | |||||