Total
3018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1114 | 1 Openbi | 1 Openbi | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472. | |||||
| CVE-2024-1011 | 1 Employee Management System Project | 1 Employee Management System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. | |||||
| CVE-2024-0949 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68. | |||||
| CVE-2024-0712 | 1 Byzoro | 2 Smart S150, Smart S150 Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0642 | 1 Cires21 | 1 Live Encoder | 2024-11-21 | N/A | 9.8 CRITICAL |
| Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management. | |||||
| CVE-2024-0570 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0551 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system. The endpoint for exporting should simply be patched to a higher privilege level. | |||||
| CVE-2024-0415 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435. | |||||
| CVE-2024-0414 | 1 Csdeshang | 1 Dscms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0413 | 1 Csdeshang | 1 Dskms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability. | |||||
| CVE-2024-0412 | 1 Csdeshang | 1 Dsshop | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432. | |||||
| CVE-2024-0411 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431. | |||||
| CVE-2024-0358 | 1 Csdeshang | 1 Dso2o | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability. | |||||
| CVE-2024-0356 | 1 Mandelo | 1 Ssm Shiro Blog | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123. | |||||
| CVE-2024-0336 | 2024-11-21 | N/A | N/A | ||
| Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0212 | 1 Cloudflare | 1 Cloudflare | 2024-11-21 | N/A | 8.1 HIGH |
| The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. | |||||
| CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7193 | 1 Mtab | 1 Bookmark | 2024-11-21 | 4.0 MEDIUM | 4.6 MEDIUM |
| A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7055 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7025 | 1 Kylinos | 1 Hedron-domain-hook | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||