Total: 4089 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31648 | | | 2024-11-21 | 6.1 Medium |
Cross Site Scripting (XSS) in Insurance Management System v1.0 allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. | ||||
CVE-2024-31621 | | | 2024-11-21 | 7.6 High |
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | ||||
CVE-2024-31396 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 6.6 Medium |
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server. | ||||
CVE-2024-31390 | | | 2024-11-21 | 9.9 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. | ||||
CVE-2024-31380 | | | 2024-11-21 | 9.9 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue. This issue affects Oxygen Builder: from n/a through 4.9. | ||||
CVE-2024-31266 | 1 Algolplus | 1 Advanced Order Export | 2024-11-21 | 9.1 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | ||||
CVE-2024-31032 | | | 2024-11-21 | 9.8 Critical |
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | ||||
CVE-2024-31022 | | | 2024-11-21 | 9.8 Critical |
An issue was discovered in CandyCMS version 1.0.0 that allows remote attackers to execute arbitrary code via the install.php component. | ||||
CVE-2024-31013 | | | 2024-11-21 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. | ||||
CVE-2024-31011 | | | 2024-11-21 | 9.8 Critical |
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | ||||
CVE-2024-31003 | | | 2024-11-21 | N/A |
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | ||||
CVE-2024-30973 | | | 2024-11-21 | 8.8 High |
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | ||||
CVE-2024-30923 | | | 2024-11-21 | 9.8 Critical |
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. | ||||
CVE-2024-30878 | | | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | ||||
CVE-2024-30868 | | | 2024-11-21 | 9.8 Critical |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | ||||
CVE-2024-30858 | | | 2024-11-21 | 9.8 Critical |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | ||||
CVE-2024-30845 | | | 2024-11-21 | 6.1 Medium |
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | ||||
CVE-2024-30568 | | | 2024-11-21 | 9.8 Critical |
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. | ||||
CVE-2024-30567 | | | 2024-11-21 | 6.3 Medium |
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. | ||||
CVE-2024-30565 | | | 2024-11-21 | 8.8 High |
An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php. | ||||