CVE-2024-28595

Public exploit
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-19
Updated
2024-03-19

CVE-2024-27747

Public exploit
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27746

Public exploit
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27744

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27743

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27612

Public exploit
Numbas editor before 7.3 mishandles editing of themes and extensions.
Max CVSS
N/A
EPSS Score
0.14%
Published
2024-03-08
Updated
2024-03-08

CVE-2024-25832

Public exploit
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-25830

Public exploit
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-24401

Public exploit
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26

CVE-2024-24050

Public exploit
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-20
Updated
2024-03-21

CVE-2024-23749

Public exploit
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Max CVSS
N/A
EPSS Score
0.08%
Published
2024-02-09
Updated
2024-02-09

CVE-2024-2054

Public exploit
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
Max CVSS
N/A
EPSS Score
0.51%
Published
2024-03-05
Updated
2024-03-21

CVE-2023-38035

Known exploited
Public exploit
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Max CVSS
N/A
EPSS Score
97.24%
Published
2023-08-21
Updated
2023-08-21
CISA KEV Added
2023-08-22

CVE-2022-24989

Public exploit
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
Max CVSS
N/A
EPSS Score
0.32%
Published
2023-08-20
Updated
2023-08-21

CVE-1999-0532

Public exploit
A DNS server allows zone transfers.
Max CVSS
N/A
EPSS Score
97.54%
Published
1997-07-01
Updated
2022-08-17
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-25
Updated
2024-03-25
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
Anope before 2.0.15 does not prevent resetting the password of a suspended account.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
2028 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!