Total
3411 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-36568 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | |||||
CVE-2024-36361 | | | 2024-07-03 | N/A | 6.8 MEDIUM |
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers. | |||||
CVE-2024-36078 | | | 2024-07-03 | N/A | 6.7 MEDIUM |
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user). | |||||
CVE-2024-35581 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | |||||
CVE-2024-34405 | | | 2024-07-03 | N/A | 9.1 CRITICAL |
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. | |||||
CVE-2024-34225 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name and shortname parameters. | |||||
CVE-2024-33445 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. | |||||
CVE-2024-33442 | | | 2024-07-03 | N/A | 4.3 MEDIUM |
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. | |||||
CVE-2024-33430 | | | 2024-07-03 | N/A | 8.8 HIGH |
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. | |||||
CVE-2024-33394 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
CVE-2024-33335 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. | |||||
CVE-2024-33294 | | | 2024-07-03 | N/A | 9.1 CRITICAL |
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | |||||
CVE-2024-32925 | | | 2024-07-03 | N/A | 8.8 HIGH |
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32492 | | | 2024-07-03 | N/A | 7.1 HIGH |
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. | |||||
CVE-2024-32491 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. | |||||
CVE-2024-32406 | | | 2024-07-03 | N/A | 7.5 HIGH |
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. | |||||
CVE-2024-32404 | | | 2024-07-03 | N/A | 6.0 MEDIUM |
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. | |||||
CVE-2024-32352 | | | 2024-07-03 | N/A | 8.8 HIGH |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. | |||||
CVE-2024-31974 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions). | |||||
CVE-2024-31823 | | | 2024-07-03 | N/A | 8.8 HIGH |
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. |