Vulnerability Notes
- CVE-2024-8572 | Gouniverse GoLang CMS 1.4.0 FrontendHandler.go PageRenderHtmlByAlias alias cross site scripting
- CVE-2024-8571 | erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9 views.py information exposure
- CVE-2024-8570 | itsourcecode Tailoring Management System 1.0 /inccatadd.php title sql injection
- CVE-2024-8569 | code-projects Hospital Management System 1.0 user-login.php username sql injection
- CVE-2024-8568 | Mini-Tmall up to 20240901 tmall/admin/order/1/1 rewardMapper.select orderBy sql injection
- CVE-2024-8567 | itsourcecode Payroll Management System 1.0 ajax.php id sql injection
- CVE-2024-8566 | code-projects Online Shop Store 1.0 /settings.php error cross site scripting
- CVE-2024-1596 | Ninja Forms File Uploads Plugin up to 3.3.16 on WordPress File Upload cross site scripting
- CVE-2024-7620 | Customizer Export Import Plugin up to 0.9.7 on WordPress Setting Import unrestricted upload
- CVE-2024-6849 | Preloader Plus Plugin up to 2.2.1 on WordPress SVG File Upload cross site scripting
- CVE-2024-7112 | Pinpoint Booking System Plugin up to 2.9.9.5.0 on WordPress sql injection
- CVE-2024-6010 | Cost Calculator Builder Pro Plugin up to 3.1.96 on WordPress improper authorization
- CVE-2024-8538 | Big File Uploads Plugin up to 2.1.2 on WordPress information disclosure
- CVE-2024-8443 | libopensc OpenPGP Driver heap-based overflow
- CVE-2024-44839 | RapidCMS 1.3.1 /default/article.php articleid sql injection (Issue 18)
- CVE-2024-45771 | RapidCMS 1.3.1 /resource/runlogin.php password sql injection (Issue 17)
- CVE-2024-44838 | RapidCMS 1.3.1 /resource/runlogin.php username sql injection (Issue 17)
- CVE-2024-8565 | SourceCodester Clinics Patient Management System 2.0 /print_diseases.php disease/from/to sql injection
- CVE-2024-8564 | SourceCodester PHP CRUD 1.0 /endpoint/update.php tbl_person_id/first_name/middle_name/last_name sql injection
- CVE-2024-8563 | SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name cross site scripting
- CVE-2024-8562 | SourceCodester PHP CRUD 1.0 /endpoint/Add.php first_name/middle_name/last_name cross site scripting
- CVE-2024-8561 | SourceCodester PHP CRUD 1.0 Delete Person /endpoint/delete.php person sql injection
- CVE-2024-8560 | SourceCodester Simple Invoice Generator System 1.0 /save_invoice.php sql injection
- CVE-2024-8559 | SourceCodester Online Food Menu 1.0 delete-menu.php menu sql injection
- CVE-2024-8558 | SourceCodester Food Ordering Management System 1.0 Price place-order.php total improper validation of specified quantity in input
- CVE-2024-8557 | SourceCodester Food Ordering Management System 1.0 cancel-order.php id sql injection
- CVE-2024-44845 | DrayTek Vigor3900 1.5.1.6 filter_string value command injection
- CVE-2024-44844 | DrayTek Vigor3900 1.5.1.6 run_command name command injection
- CVE-2024-8555 | SourceCodester Clinics Patient Management System 2.0 congratulations.php goto_page redirect
- CVE-2024-8554 | SourceCodester Clinics Patient Management System 2.0 /users.php message cross site scripting
- VDB-276772 | Backdoor.Win32.Symmi.qua ksomnbi.dll stack-based overflow
- VDB-276771 | HackTool.Win32.Freezer.br credentials storage
- VDB-276770 | Backdoor.Win32.Optix.02.b TCP Port 5151 hard-coded credentials
- VDB-276769 | Backdoor.Win32.JustJoke.21 TCP Port 28072 improper authentication
- VDB-276768 | Backdoor.Win32.PoisonIvy.ymw PoisonIvy PE File Generator PILib.dll cleartext storage
- CVE-2024-34156 | Google Go encoding-gob recursion
- CVE-2024-7652 | Mozilla Thunderbird ECMA-262 type confusion
- CVE-2024-7652 | Mozilla Firefox ECMA-262 type confusion
- CVE-2024-45034 | Apache Airflow up to 2.10.0 DAG Folder Privilege Escalation
- CVE-2024-45498 | Apache Airflow 2.10.0 DAG Trigger Permission command injection
- CVE-2024-44402 | D-Link DI-8100G 17.12.20A1 msp_info.htm command injection
- CVE-2024-38640 | QNAP Download Station prior 5.8.6.283 cross site scripting (qsa-24-35)
- CVE-2024-32762 | QNAP QuLog Center prior 1.7.0.827/1.8.0.872 cross site scripting (qsa-24-30)
- CVE-2024-27122 | QNAP Notes Station 3 up to 3.9.5 cross site scripting (qsa-24-21)
- CVE-2024-27126 | QNAP Notes Station 3 prior 3.9.6 cross site scripting (qsa-24-21)
- CVE-2024-21897 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 cross site scripting (qsa-24-20)
- CVE-2024-27125 | QNAP Helpdesk up to 3.3.0 cross site scripting (qsa-24-29)
- CVE-2023-50366 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 cross site scripting (qsa-24-20)
- CVE-2024-38642 | QNAP QuMagie up to 2.3.0 certificate validation (qsa-24-34)
- CVE-2022-27592 | QNAP QVR Smart Client prior 2.4.0.0570 unquoted search path (qsa-24-22)
- CVE-2024-38641 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 os command injection (qsa-24-33)
- CVE-2024-32771 | QNAP QTS/QuTS hero/QuTScloud excessive authentication (qsa-24-28)
- CVE-2023-39298 | QNAP QTS/QuTS hero/QuTScloud authorization (qsa-24-28)
- CVE-2024-8394 | Mozilla Thunderbird up to 128.1 OTR Chat Session use after free
- CVE-2023-50360 | QNAP Video Station up to 5.8.0 sql injection (qsa-24-24)
- CVE-2023-47563 | QNAP Video Station up to 5.8.1 os command injection (qsa-24-24)
- CVE-2023-45038 | QNAP Music Station up to 5.3.x improper authentication (qsa-24-25)
- CVE-2023-39300 | QNAP QTS/QuTS hero/QuTScloud os command injection (qsa-24-26)
- CVE-2024-44408 | D-Link DIR-823G 1.0.2B05_20181207 Configuration File information disclosure
- CVE-2024-32763 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 buffer overflow (qsa-24-33)
- CVE-2024-21906 | QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 os command injection (qsa-24-33)
- CVE-2024-21904 | QNAP QTS/QuTS hero prior 5.1.7.2770 Build 20240520 path traversal (qsa-24-23)
- CVE-2024-21903 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 os command injection (qsa-24-20)
- CVE-2024-21898 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 os command injection (qsa-24-20)
- CVE-2023-51368 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 null pointer dereference (qsa-24-20)
- CVE-2023-51367 | QNAP QTS/QuTS hero prior 5.1.6.2722 Build 20240402 buffer overflow (qsa-24-20)
- CVE-2023-51366 | QNAP QTS/QuTS hero 5.1.4.2596 Build 20231128 path traversal (qsa-24-20)
- CVE-2023-34979 | QNAP QTS/QuTS hero prior 4.5.4.2790 Build 20240605 os command injection (qsa-24-32)
- CVE-2023-34974 | QNAP QTS/QuTS hero/QuTScloud/QVR/QES os command injection (qsa-24-32)
- CVE-2024-44401 | D-Link DI-8100G 17.12.20A1 upgrade_filter.asp sub47A60C command injection
- CVE-2024-8509 | Red Hat Migration Toolkit for Virtualization improper authorization
- CVE-2024-8517 | SPIP up to 4.1.18/4.2.15/4.3.1 Multipart File Upload reliance on file name or extension of externally-supplied file
- CVE-2024-45294 | hapifhir HL7 FHIR Core Artifacts up to 6.3.22 xml external entity reference
- CVE-2024-45758 | h2oai H2O up to 3.46.0.4 JDBC Connection connection_url deserialization
- CVE-2024-8523 | lmxcms up to 1.4 SQL Command Execution Module admin.php formatData data code injection
- CVE-2024-25584 | Open-Xchange OX Dovecot Pro up to 2.3.21 DATA Command data authenticity (oxdc-adv-2024-0001)
- CVE-2024-8521 | Wavelog up to 1.8.0 Live QSO /qso index manual cross site scripting
- CVE-2024-6445 | DataFlowX Technology DataDiodeX up to 3.4.x path traversal
- CVE-2024-44837 | deathbreak Drug 1.0 \bean\Manager.java user cross site scripting
- CVE-2024-45405 | Byron gitoxide up to 0.10.10 gix_path::env resolution of path (GHSA-m8rp-vv92-46c7)
- CVE-2024-45299 | alfio-event alf.io up to 2.0-M4 Content Security Policy escape output (GHSA-mcx6-25f8-8rqw)
- CVE-2024-45040 | Consensys gnark up to 0.10.x information disclosure (GHSA-9xcg-3q8v-7fq6)
- CVE-2024-45039 | Consensys gnark up to 0.11.0 (GHSA-q3hw-3gm4-w5cr)
- CVE-2024-45300 | alfio-event alf.io up to 2.0-M4 race condition (GHSA-67jg-m6f3-473g)
- CVE-2024-44739 | SourceCodester Simple Forum Website 1.0 id sql injection
- CVE-2024-1744 | Ariva Computer Accord ORS up to 7.3.2.0 information disclosure
- CVE-2023-52916 | Linux Kernel up to 6.5 denial of service (c281355068bc)
- CVE-2023-52915 | Linux Kernel up to 6.5.4 Media az6027_i2c_xfer null pointer dereference
- CVE-2024-34158 | Google Go up to 1.22.6/1.23.0 go-build-constraint resource consumption
- CVE-2024-34155 | Google Go up to 1.22.6/1.23.0 go-parser Parse resource consumption
- CVE-2024-40718 | Veeam Backup for Nutanix AHV server-side request forgery (kb4649)
- CVE-2024-38651 | Veeam Service Provider Console up to 8.0.0.19552 File access control (kb4649)
- CVE-2024-39715 | Veeam Service Provider Console up to 8.0.0.19552 REST API unrestricted upload (kb4649)
- CVE-2024-39714 | Veeam Service Provider Console up to 8.0.0.19552 File unrestricted upload (kb4649)
- CVE-2024-38650 | Veeam Service Provider Console up to 8.0.0.19552 NTLM Hash information disclosure (kb4649)
- CVE-2024-42020 | Veeam ONE up to 12.1.0.3208 Reporter Widgets cross site scripting (kb4649)
- CVE-2024-42022 | Veeam ONE up to 12.1.0.3208 Configuration File access control (kb4649)
- CVE-2024-42021 | Veeam ONE up to 12.1.0.3208 Access Token access control (kb4649)
- CVE-2024-42023 | Veeam ONE up to 12.1.0.3208 Privilege Escalation (kb4649)
- CVE-2024-42019 | Veeam ONE up to 12.1.0.3208 Reporter Service Privilege Escalation (kb4649)