CVE-2024-34241 CVSS:0.0
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications. (Last Update:2024-05-17 18:35:35) (Publish Update:2024-05-17 15:17:40)
CVE-2024-33559 CVSS:9.3 EPSS:0.09%
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. (Last Update:2024-04-29 12:42:04) (Publish Update:2024-04-29 06:15:13)
CVE-2024-31839 CVSS:0.0 EPSS:0.04%
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. (Last Update:2024-04-15 13:15:52) (Publish Update:2024-04-12 14:15:08)
CVE-2024-31819 CVSS:0.0 EPSS:0.25%
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. (Last Update:2024-04-11 12:47:44) (Publish Update:2024-04-10 00:00:00)
CVE-2024-30851 CVSS:0.0 EPSS:0.51%
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component. (Last Update:2024-05-06 12:44:56) (Publish Update:2024-05-03 17:15:08)
CVE-2024-30850 CVSS:0.0 EPSS:0.04%
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go (Last Update:2024-04-12 12:43:46) (Publish Update:2024-04-12 06:15:07)
CVE-2024-28741 CVSS:0.0 EPSS:0.16%
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. (Last Update:2024-04-08 18:48:40) (Publish Update:2024-04-06 00:00:00)
CVE-2024-28595 CVSS:0.0 EPSS:0.10%
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. (Last Update:2024-03-19 20:08:42) (Publish Update:2024-03-19 00:00:00)
CVE-2024-27747 CVSS:0.0 EPSS:0.10%
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. (Last Update:2024-03-13 07:15:37) (Publish Update:2024-03-01 22:15:48)
CVE-2024-27746 CVSS:0.0 EPSS:0.10%
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component. (Last Update:2024-03-13 07:15:36) (Publish Update:2024-03-01 22:15:48)
This vulnerability list widget is provided by www.cvedetails.com. CVEdetails.com is updated! Visit www.cvedetails.com to see what's new in the new version!