TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 333,607 CVEs
Each entry lists the CVE ID, the CVSS base score with its severity band, whether the CVE appears in the CISA KEV catalog, and the sightings count, followed by the NVD description as truncated on this page.

CVE-2024-45088 | CVSS 6.4 (MEDIUM) | KEV: no | Sightings: 0
  IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the inten...

CVE-2024-11073 | CVSS 4.3 (MEDIUM) | KEV: no | Sightings: 0
  A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of ...

CVE-2024-47595 | CVSS 6.3 (MEDIUM) | KEV: no | Sightings: 0
  An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidential...

CVE-2024-45087 | CVSS 4.8 (MEDIUM) | KEV: no | Sightings: 0
  IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the inten...

CVE-2024-11074 | CVSS 6.3 (MEDIUM) | KEV: no | Sightings: 0
  A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument incc...

CVE-2024-11076 | CVSS 6.3 (MEDIUM) | KEV: no | Sightings: 0
  A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the ...

CVE-2024-11077 | CVSS 7.3 (HIGH) | KEV: no | Sightings: 0
  A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads ...

CVE-2024-51135 | CVSS 9.8 (CRITICAL) | KEV: no | Sightings: 0
  An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a ...

CVE-2024-10315 | CVSS N/A (NONE) | KEV: no | Sightings: 0
  In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.

CVE-2024-46965 | CVSS 5.4 (MEDIUM) | KEV: no | Sightings: 0
  The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.brow...

CVE-2024-48322 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.

CVE-2024-50320 | CVSS 7.5 (HIGH) | KEV: no | Sightings: 0
  An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVE-2024-51484 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controller...

CVE-2024-51485 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. T...

CVE-2024-51486 | CVSS 5.5 (MEDIUM) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". Thi...

CVE-2024-51487 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. T...

CVE-2024-51488 | CVSS 5.4 (MEDIUM) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnera...

CVE-2024-51489 | CVSS 5.4 (MEDIUM) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another....

CVE-2024-51490 | CVSS 5.5 (MEDIUM) | KEV: no | Sightings: 0
  Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This sect...

CVE-2024-29119 | CVSS 7.8 (HIGH) | KEV: no | Sightings: 0
  A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escal...

CVE-2024-51992 | CVSS 4.1 (MEDIUM) | KEV: no | Sightings: 0
  Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Expos...

CVE-2024-52288 | CVSS 5.1 (MEDIUM) | KEV: no | Sightings: 0
  libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT`...

CVE-2024-10694 | CVSS N/A (NONE) | KEV: no | Sightings: 0
  Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9542. Reason: This candidate is a reservation duplicate of CVE-2024-9542. Notes: All CVE users should reference CVE...

CVE-2024-46962 | CVSS 9.1 (CRITICAL) | KEV: no | Sightings: 0
  The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainA...

CVE-2024-46963 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky...

CVE-2024-46964 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity com...

CVE-2024-46966 | CVSS 8.1 (HIGH) | KEV: no | Sightings: 0
  The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity ...

CVE-2024-51026 | CVSS 5.4 (MEDIUM) | KEV: no | Sightings: 0
  The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...

CVE-2024-23983 | CVSS N/A (NONE) | KEV: no | Sightings: 0
  Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.

CVE-2024-25253 | CVSS 7.5 (HIGH) | KEV: no | Sightings: 0
  Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.

CVE-2024-50636 | CVSS 9.8 (CRITICAL) | KEV: no | Sightings: 0
  PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing ...

CVE-2024-51213 | CVSS 6.1 (MEDIUM) | KEV: no | Sightings: 0
  Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component.

CVE-2024-11096 | CVSS 6.3 (MEDIUM) | KEV: no | Sightings: 0
  A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName l...

CVE-2024-42372 | CVSS 6.5 (MEDIUM) | KEV: no | Sightings: 0
  Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confid...

CVE-2024-47586 | CVSS 5.3 (MEDIUM) | KEV: no | Sightings: 0
  SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. Th...

CVE-2024-47587 | CVSS 3.5 (LOW) | KEV: no | Sightings: 0
  Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.

CVE-2024-47588 | CVSS 4.7 (MEDIUM) | KEV: no | Sightings: 0
  In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local acce...

CVE-2024-47590 | CVSS 8.8 (HIGH) | KEV: no | Sightings: 0
  An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page...

CVE-2024-47592 | CVSS 5.3 (MEDIUM) | KEV: no | Sightings: 0
  SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity...

CVE-2024-47593 | CVSS 4.3 (MEDIUM) | KEV: no | Sightings: 0
  SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted. This attack is possible only if a Web Di...

CVE-2024-11097 | CVSS 3.3 (LOW) | KEV: no | Sightings: 0
  A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulatio...

CVE-2024-11099 | CVSS 7.3 (HIGH) | KEV: no | Sightings: 0
  A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email lea...

CVE-2024-8881 | CVSS 6.8 (MEDIUM) | KEV: no | Sightings: 0
  A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker wit...

CVE-2024-8882 | CVSS 4.5 (MEDIUM) | KEV: no | Sightings: 0
  A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privil...

CVE-2024-49394 | CVSS 5.3 (MEDIUM) | KEV: no | Sightings: 0
  In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original s...

CVE-2024-49395 | CVSS 5.3 (MEDIUM) | KEV: no | Sightings: 0
  In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

CVE-2024-11127 | CVSS 6.3 (MEDIUM) | KEV: no | Sightings: 0
  A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulati...

CVE-2024-10538 | CVSS 6.4 (MEDIUM) | KEV: no | Sightings: 0
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.1...

CVE-2024-10672 | CVSS 2.7 (LOW) | KEV: no | Sightings: 0
  The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all...

CVE-2024-10685 | CVSS 6.1 (MEDIUM) | KEV: no | Sightings: 0
  The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficien...
Page 190 of 6673
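The CVE-2024-51135 entry above reports XXE through a DocumentBuilderFactory in powertac-server. The advisory text on this page does not say how that factory was configured, so the following is an added, generic example rather than powertac-server's code or anything taken from the advisory: it shows what a JDK DocumentBuilderFactory does with an external entity under default settings, and the OWASP-recommended feature set that stops it. The class name XxeDemo, the payload, and the temporary file standing in for a secret are all constructed for this demonstration; it needs Java 11 or later for Files.writeString.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public final class XxeDemo {

    // Constructed sample payload (not from the advisory): a DOCTYPE that declares an
    // external entity pointing at a file on the parser's host. %FILE% is filled in by main().
    static final String PAYLOAD_TEMPLATE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE data [<!ENTITY ext SYSTEM \"%FILE%\">]>\n"
        + "<data>&ext;</data>";

    /** The unsafe configuration: the JDK's default factory resolves SYSTEM entities. */
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** OWASP-recommended hardening: refuse DOCTYPEs, external entities, external DTDs and XInclude. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Rejecting the DOCTYPE outright blocks XXE, entity-expansion bombs and external DTD
        // fetches in one step. Use it whenever the input has no legitimate need for a DTD.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that accept a DOCTYPE anyway.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: forbid external DTD and schema access by protocol. An old Xerces
        // on the classpath may not know these and will throw IllegalArgumentException here.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f;
    }

    static Document parse(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // A throwaway file standing in for /etc/passwd or an application secret.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        try {
            Files.writeString(secret, "db_password=hunter2");
            String payload = PAYLOAD_TEMPLATE.replace("%FILE%", secret.toUri().toString());

            // Default factory: the entity is resolved and the file contents land in the DOM.
            Document d = parse(defaultFactory(), payload);
            System.out.println("default factory leaked: " + d.getDocumentElement().getTextContent());

            // Hardened factory: the parser stops at the DOCTYPE, before any entity is touched.
            try {
                parse(hardenedFactory(), payload);
                System.out.println("unexpected: hardened factory accepted the DOCTYPE");
            } catch (SAXException e) {
                System.out.println("hardened factory rejected input: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Compile and run it with `javac XxeDemo.java && java XxeDemo`. The first line of output contains the temporary file's contents, which is the information-disclosure half of the CVE description; the second reports a SAXParseException at the DOCTYPE. The disallow-doctype-decl feature is the one that matters; the remaining settings only cover parsers that ignore it, so an audit of any DocumentBuilderFactory.newInstance() call site should look for that feature first.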

This product uses data from the NVD API but is not endorsed or certified by the NVD.