Total
352110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20085 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-10-27 | 4.4 Medium |
| In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560. | ||||
| CVE-2024-20084 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-10-27 | 4.4 Medium |
| In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561. | ||||
| CVE-2024-10003 | 1 Roveridx | 1 Rover Idx | 2024-10-25 | 6.3 Medium |
| The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options. | ||||
| CVE-2024-9541 | 1 Blazethemes | 1 News Kit Elementor Addons | 2024-10-25 | 4.3 Medium |
| The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | ||||
| CVE-2024-48707 | 1 O-dyn | 1 Collabtive | 2024-10-25 | 5.4 Medium |
| Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. | ||||
| CVE-2024-48708 | 1 O-dyn | 1 Collabtive | 2024-10-25 | 5.4 Medium |
| Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. | ||||
| CVE-2024-9987 | 1 Pandorafms | 1 Pandora Fms | 2024-10-25 | 8.8 High |
| A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. | ||||
| CVE-2024-35308 | 1 Pandorafms | 1 Pandora Fms | 2024-10-25 | 8.8 High |
| A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. | ||||
| CVE-2024-46240 | 2 Collabtive, O-dyn | 2 Collabtive, Collabtive | 2024-10-25 | 4.8 Medium |
| Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file. | ||||
| CVE-2024-48570 | 2 Client Management System, Phpgurukul | 2 Client Management System, Client Management System | 2024-10-25 | 7.5 High |
| Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | ||||
| CVE-2024-10298 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10299 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10300 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10301 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40493 | 2 Keith-cullen, Keithcullen | 2 Freecoap, Freecoap | 2024-10-25 | 5.3 Medium |
| Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | ||||
| CVE-2024-44812 | 2 Janobe, Sourcecodester | 2 Online Complaint Site, Online Complaint Site | 2024-10-25 | 9.8 Critical |
| SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | ||||
| CVE-2024-48652 | 1 Tuzitio | 1 Camaleon Cms | 2024-10-25 | 4.8 Medium |
| Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | ||||
| CVE-2024-10250 | 1 Steelthemes | 1 Nioland | 2024-10-25 | 6.1 Medium |
| The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-9829 | 1 Metagauss | 1 Download Plugin | 2024-10-25 | 6.5 Medium |
| The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed. | ||||
| CVE-2024-30158 | 1 Mitel | 1 Micollab | 2024-10-25 | 7.2 High |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | ||||