Export limit exceeded: 357324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47145 | 1 Mattermost | 1 Mattermost Server | 2024-09-26 | 3.1 Low |
| Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | ||||
| CVE-2024-47003 | 1 Mattermost | 1 Mattermost Server | 2024-09-26 | 3.1 Low |
| Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. | ||||
| CVE-2024-45843 | 1 Mattermost | 1 Mattermost Server | 2024-09-26 | 3.1 Low |
| Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba. | ||||
| CVE-2024-8738 | 1 Castos | 1 Seriously Simple Stats | 2024-09-26 | 6.1 Medium |
| The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8795 | 2 Ba-booking, Booking Algorithms | 2 Ba Book Everything, Ba Book Everything | 2024-09-26 | 8.8 High |
| The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to update a user's account details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to reset a user's password and gain access to their account. | ||||
| CVE-2024-8623 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2024-09-26 | 7.3 High |
| The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-9080 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9079 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9078 | 1 Code-projects | 1 Student Record System | 2024-09-26 | 7.3 High |
| A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47085 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | ||||
| CVE-2024-47086 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts. | ||||
| CVE-2024-9084 | 1 Code-projects | 1 Blood Bank System | 2024-09-26 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9086 | 1 Code-projects | 1 Restaurant Reservation System | 2024-09-26 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. | ||||
| CVE-2024-47087 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | ||||
| CVE-2024-9088 | 2 Razormist, Sourcecodester | 2 Telecom Billing Management System, Telecom Billing Management System | 2024-09-26 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9087 | 2 Code Projects, Vehicle Management Project | 2 Vehicle Management, Vehicle Management | 2024-09-26 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3163 | 2 Easy Property Listings, Realestateconnected | 2 Easy Property Listings, Easy Property Listings | 2024-09-26 | 4.3 Medium |
| The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-8656 | 1 Wpfactory | 1 Wpfactory Helper | 2024-09-26 | 6.1 Medium |
| The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2022-45856 | 1 Fortinet | 2 Forticlient, Forticlientios | 2024-09-26 | 4.6 Medium |
| An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. | ||||
| CVE-2024-8277 | 1 Villatheme | 1 Woocommerce Photo Reviews | 2024-09-26 | 9.8 Critical |
| The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully. | ||||