Total
304045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41368 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php | |||||
| CVE-2024-41361 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | |||||
| CVE-2024-41369 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | |||||
| CVE-2024-8341 | 1 Nelzkie15 | 1 Pet Shop Management System | 2024-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8340 | 1 Oretnom23 | 1 Electric Billing Management System | 2024-09-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8339 | 1 Oretnom23 | 1 Electric Billing Management System | 2024-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Electric Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?page=tracks of the component Connection Code Handler. The manipulation of the argument code leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8336 | 1 Oretnom23 | 1 Music Gallery Site | 2024-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-41372 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 9.8 CRITICAL |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | |||||
| CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 6.1 MEDIUM |
| Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | |||||
| CVE-2024-41370 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 9.8 CRITICAL |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | |||||
| CVE-2024-41351 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | |||||
| CVE-2024-41350 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | |||||
| CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | |||||
| CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | |||||
| CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 5.4 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | |||||
| CVE-2024-43965 | 1 Smackcoders | 1 Sendgrid | 2024-09-04 | N/A | 8.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4. | |||||
| CVE-2024-6671 | 1 Progress | 1 Whatsup Gold | 2024-09-04 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | |||||
| CVE-2024-8389 | 1 Mozilla | 1 Firefox | 2024-09-04 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. | |||||
| CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 9.8 CRITICAL |
| SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | |||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | |||||