Search Results (344184 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9081 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-09-27 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8479 | 1 Webliberty | 1 Simple Spoiler | 2024-09-27 | 7.3 High |
| The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-9038 | 2 Codezips, Online Shopping Portal Project | 2 Online Shopping Portal, Online Shopping Portal | 2024-09-27 | 4.3 Medium |
| A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9039 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-27 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9041 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-27 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9033 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-27 | 3.5 Low |
| A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9094 | 1 Code-projects | 1 Blood Bank System | 2024-09-27 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2024-09-27 | 2.3 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | ||||
| CVE-2024-44062 | 1 Wpgogo | 1 Custom Field Template | 2024-09-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. | ||||
| CVE-2024-44053 | 1 Mohammadarif | 1 Opor Ayam | 2024-09-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8. | ||||
| CVE-2024-47058 | 1 Acquia | 1 Mautic | 2024-09-27 | 2.9 Low |
| With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html field. This could be used to steal sensitive information from the user's current session. | ||||
| CVE-2024-47050 | 1 Acquia | 1 Mautic | 2024-09-27 | 5.4 Medium |
| Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | ||||
| CVE-2024-0005 | 1 Purestorage | 4 Flasharray, Flashblade, Purity//fa and 1 more | 2024-09-27 | 9.1 Critical |
| A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | ||||
| CVE-2021-27917 | 1 Acquia | 1 Mautic | 2024-09-27 | 7.3 High |
| Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | ||||
| CVE-2024-37779 | 1 Woodwing Elvis Dam | 1 Woodwing Elvis Dam | 2024-09-27 | 8.8 High |
| WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | ||||
| CVE-2024-44063 | 1 Happyforms | 1 Happyforms | 2024-09-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. | ||||
| CVE-2024-0004 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 9.1 Critical |
| A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | ||||
| CVE-2024-0003 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 9.1 Critical |
| A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | ||||
| CVE-2024-0002 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 10 Critical |
| A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | ||||
| CVE-2024-0001 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 10 Critical |
| A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | ||||