CVEs from 2024
- Total: 6,633
- Critical: 166
- High: 1,073
- Medium: 2,066
- Low: 49
- % Critical: 2.5%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51092 | critical | 9.1 | 10.0 | 27d ago | LibreNMS has an Authenticated OS Command Injection | |||
| CVE-2024-13152 | critical | 10.0 | 10.0 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mo… | |||
| CVE-2024-53822 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. | |||
| CVE-2024-49314 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server. This issue affects JiangQie F… | |||
| CVE-2024-49291 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. | |||
| CVE-2024-49242 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through … | |||
| CVE-2024-49216 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: f… | |||
| CVE-2024-28000 | critical | 9.8 | 10.0 | 2y ago | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | |||
| CVE-2024-43242 | critical | 10.0 | 10.0 | 2y ago | Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | |||
| CVE-2024-7593 | critical | 9.8 | 10.0 | 2y ago | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. | |||
| CVE-2024-34555 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3. | |||
| CVE-2024-31377 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. | |||
| CVE-2024-33566 | critical | 10.0 | 10.0 | 2y ago | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. | |||
| CVE-2024-33559 | critical | 9.3 | 10.0 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. | |||
| CVE-2024-31115 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a thro… | |||
| CVE-2024-30498 | critical | 10.0 | 10.0 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4. | |||
| CVE-2024-30225 | critical | 10.0 | 10.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. | |||
| CVE-2024-27956 | critical | 9.8 | 10.0 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. | |||
| CVE-2024-1708 | high | 8.4 | 10.0 | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. | |||
| CVE-2024-8950 | critical | 9.9 | 9.9 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Autom… | |||
| CVE-2024-49671 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server. Th… | |||
| CVE-2024-5618 | critical | 9.9 | 9.9 | 2y ago | Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue a… | |||
| CVE-2024-37418 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.6. | |||
| CVE-2024-34411 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through 2.5.0. | |||
| CVE-2024-32514 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. | |||
| CVE-2024-31286 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | |||
| CVE-2024-24707 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection. This issue affects Cwicly: from n/a through 1.4.0.2. | |||
| CVE-2024-31390 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. | |||
| CVE-2024-27972 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite. This issue affects WP Fusion Lite: from n/a through <= 3.41.24. | |||
| CVE-2024-30228 | critical | 9.9 | 9.9 | 2y ago | Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4. | |||
| CVE-2024-0402 | critical | 9.9 | 9.9 | 2y ago | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbi… | |||
| CVE-2024-13150 | critical | 9.8 | 9.8 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects … | |||
| CVE-2024-13151 | critical | 9.8 | 9.8 | 9mo ago | CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service… | |||
| CVE-2024-13149 | critical | 9.8 | 9.8 | 9mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allow… | |||
| CVE-2024-12364 | critical | 9.8 | 9.8 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Track… | |||
| CVE-2024-12150 | critical | 9.8 | 9.8 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM. NOTE: The ve… | |||
| CVE-2024-12143 | critical | 9.8 | 9.8 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affec… | |||
| CVE-2024-11739 | critical | 9.8 | 9.8 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1. | |||
| CVE-2024-51800 | critical | 9.8 | 9.8 | 1y ago | Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1. | |||
| CVE-2024-12016 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM News: through 6.0. NOT… | |||
| CVE-2024-8997 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuratio… | |||
| CVE-2024-12144 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection. This issue affects Finder E… | |||
| CVE-2024-13147 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection. This issue affects B2B Login Panel: before… | |||
| CVE-2024-12097 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.2… | |||
| CVE-2024-8262 | critical | 9.8 | 9.8 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal. This issue affects OBS: before 24.0927. | |||
| CVE-2024-13148 | critical | 9.8 | 9.8 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform… | |||
| CVE-2024-56000 | critical | 9.8 | 9.8 | 1y ago | Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation. This issue affects K Elements: from n/a through < 5.4.0. | |||
| CVE-2024-13365 | critical | 9.8 | 9.8 | 1y ago | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through t… | |||
| CVE-2024-10244 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6. | |||
| CVE-2024-8972 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30… | |||
| CVE-2024-43234 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass. This issue affects Woffice: from n/a through <= 5.4.14. | |||
| CVE-2024-8259 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This… | |||
| CVE-2024-52480 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Astoundify Jobify jobify. This issue affects Jobify: from n/a through < 4.3.0. | |||
| CVE-2024-52431 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection. This issue a… | |||
| CVE-2024-52412 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection. This issue affects Xin: from n/a through 1.0.8.1. | |||
| CVE-2024-10534 | critical | 9.8 | 9.8 | 2y ago | Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Person… | |||
| CVE-2024-21541 | critical | 9.8 | 9.8 | 2y ago | dom-iterator code execution vulnerability | |||
| CVE-2024-38612 | critical | 9.8 | 9.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defin… | |||
| CVE-2024-10035 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an … | |||
| CVE-2024-43956 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberpress: from n/a through 1.11.34. | |||
| CVE-2024-50478 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication:… | |||
| CVE-2024-49625 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection. This issue affects SiteBuilder Dynamic Components: from… | |||
| CVE-2024-49626 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection. This issue affects Shipyaari Shipping Management: fr… | |||
| CVE-2024-49322 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a throug… | |||
| CVE-2024-49217 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation. This issue affects Adding drop do… | |||
| CVE-2024-49227 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection. This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4. | |||
| CVE-2024-49218 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection. This issue affects Recently: from n/a … | |||
| CVE-2024-49247 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass. This issue affects BuddyPress Better Re… | |||
| CVE-2024-8643 | critical | 9.8 | 9.8 | 2y ago | Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0. | |||
| CVE-2024-8607 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. | |||
| CVE-2024-7108 | critical | 9.8 | 9.8 | 2y ago | Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.24… | |||
| CVE-2024-9142 | critical | 9.8 | 9.8 | 2y ago | External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. T… | |||
| CVE-2024-5960 | critical | 9.8 | 9.8 | 2y ago | Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. | |||
| CVE-2024-45491 | critical | 9.8 | 9.8 | 2y ago | RHSA-2024:8859: xmlrpc-c security update (Moderate) | |||
| CVE-2024-45492 | critical | 9.8 | 9.8 | 2y ago | RHSA-2024:6989: expat security update (Moderate) | |||
| CVE-2024-7104 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | |||
| CVE-2024-7098 | critical | 9.8 | 9.8 | 2y ago | Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | |||
| CVE-2024-6401 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | |||
| CVE-2024-6656 | critical | 9.8 | 9.8 | 2y ago | Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13. | |||
| CVE-2024-43455 | critical | 9.8 | 9.8 | 2y ago | Windows Remote Desktop Licensing Service Spoofing Vulnerability | |||
| CVE-2024-7015 | critical | 9.8 | 9.8 | 2y ago | Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | |||
| CVE-2024-7078 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affec… | |||
| CVE-2024-7076 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue… | |||
| CVE-2024-4259 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCep… | |||
| CVE-2024-6919 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NAC… | |||
| CVE-2024-4428 | critical | 9.8 | 9.8 | 2y ago | Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Ma… | |||
| CVE-2024-7071 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows S… | |||
| CVE-2024-43354 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.7.2. | |||
| CVE-2024-6917 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affec… | |||
| CVE-2024-7221 | critical | 9.8 | 9.8 | 2y ago | A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID caus… | |||
| CVE-2024-7220 | critical | 9.8 | 9.8 | 2y ago | A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of … | |||
| CVE-2024-7219 | critical | 9.8 | 9.8 | 2y ago | A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The m… | |||
| CVE-2024-6933 | critical | 9.8 | 9.8 | 2y ago | A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveyloc… | |||
| CVE-2024-0857 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue af… | |||
| CVE-2024-37927 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through <= 4.7.5. | |||
| CVE-2024-1107 | critical | 9.8 | 9.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APP… | |||
| CVE-2024-0949 | critical | 9.8 | 9.8 | 2y ago | Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affe… | |||
| CVE-2024-0947 | critical | 9.8 | 9.8 | 2y ago | Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modify… | |||
| CVE-2024-4228 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Cred… | |||
| CVE-2024-5683 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion. This issue affects Business Pr… |