Total
306978 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27700 | 2024-11-18 | N/A | 7.6 HIGH | ||
| SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc. | |||||
| CVE-2024-42676 | 1 Isellerpal | 1 Enterprise Resource Management System | 2024-11-18 | N/A | 8.8 HIGH |
| File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component | |||||
| CVE-2024-50211 | 1 Linux | 1 Linux Kernel | 2024-11-18 | N/A | 3.3 LOW |
| In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking for particular offsets and assuming internal behavior of these functions. | |||||
| CVE-2024-11021 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 5.4 MEDIUM |
| Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. | |||||
| CVE-2024-11020 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 9.8 CRITICAL |
| Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-11019 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 6.1 MEDIUM |
| Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques. | |||||
| CVE-2024-11018 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 9.8 CRITICAL |
| Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. | |||||
| CVE-2024-11101 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11100 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11017 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 8.8 HIGH |
| Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. | |||||
| CVE-2024-49521 | 1 Adobe | 2 Commerce, Magento | 2024-11-18 | N/A | 7.7 HIGH |
| Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-10990 | 1 Oretnom23 | 1 Online Veterinary Appointment System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10991 | 1 Codezips | 1 Hospital Appointment System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-49526 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-10993 | 1 Codezips | 1 Online Institute Management System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10994 | 1 Codezips | 1 Online Institute Management System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-49527 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 5.5 MEDIUM |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-52947 | 2024-11-18 | N/A | 5.4 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin | |||||
| CVE-2024-50836 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters. | |||||
| CVE-2024-49528 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||