Total: 322276 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-06 | 4.3 Medium |
| Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through 3.1.16. | ||||
| CVE-2024-43290 | 1 Atarim | 1 Atarim | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Atarim: from n/a through 4.0.1. | ||||
| CVE-2024-43277 | 1 Ayecode | 1 Userswp | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UsersWP: from n/a through 1.2.15. | ||||
| CVE-2024-51431 | 1 Lb-link | 2 Bl-wr1300h, Bl-wr1300h Firmware | 2024-11-06 | 8.1 High |
| LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. | ||||
| CVE-2024-43274 | 1 Jshelpdesk | 1 Jshelpdesk | 2024-11-06 | 5.8 Medium |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | ||||
| CVE-2024-43270 | 1 Wpbackitup | 1 Wp Backitup | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2024-48352 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2024-11-06 | 7.5 High |
| Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | ||||
| CVE-2024-22733 | 1 Tp-link | 3 Mr200, Mr200 Firmware, Tl-mr200 V4 Firmware | 2024-11-06 | 3.5 Low |
| TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-10500 | 1 Esafenet | 1 Cdg | 2024-11-06 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51252 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. | ||||
| CVE-2024-45918 | 1 Kirisun | 1 Command And Dispatch Platform | 2024-11-05 | 9.8 Critical |
| Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. | ||||
| CVE-2023-6728 | | | 2024-11-05 | 3.3 Low |
| Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | ||||
| CVE-2024-10735 | 1 Projectworlds | 1 Life Insurance Management System | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10738 | 2 Angeljudesuarez, Itsourcecode | 2 Farm Management System, Farm Management System | 2024-11-05 | 6.3 Medium |
| A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10739 | 2 Anisha, Code-projects | 2 E-health Care System, E-health Care System | 2024-11-05 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well. | ||||
| CVE-2024-10699 | 2 Anisha, Code-projects | 2 Wazifa System, Wazifa System | 2024-11-05 | 7.3 High |
| A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10700 | 2 Anisha, Code-projects | 2 University Event Management System, University Event Management System | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too. | ||||
| CVE-2024-10733 | 2 Carmelogarcia, Code-projects | 2 Restaurant Order System, Online Restaurant Management System | 2024-11-05 | 7.3 High |
| A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||