| 31 | 9.8 | CRITICAL Network | playsms | playsms | A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot … | Update | CWE-94 Code Injection | CVE-2024-8880 | 2024-09-21 01:41 | 2024-09-16 |
| 32 | 7.8 | HIGH Local | qnap | qts quts_hero | A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perfo… | Update | CWE-862 Missing Authorization | CVE-2023-39298 | 2024-09-21 01:39 | 2024-09-7 |
| 33 | 6.1 | MEDIUM Network | intumit | smartrobot_firmware | SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting at… | Update | CWE-79 Cross-site Scripting | CVE-2024-8776 | 2024-09-21 01:38 | 2024-09-16 |
| 34 | 2.4 | LOW Adjacent | qnap | qts quts_hero | An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local networ… | Update | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2024-32771 | 2024-09-21 01:38 | 2024-09-7 |
| 35 | 7.5 | HIGH Network | mfasoft | secure_authentication_server | An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows re… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-46937 | 2024-09-21 01:37 | 2024-09-16 |
| 36 | 9.8 | CRITICAL Network | apache | seata | Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct unco… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2024-22399 | 2024-09-21 01:37 | 2024-09-16 |
| 37 | - | | - | - | A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to … | New | CWE-89 SQL Injection | CVE-2024-9037 | 2024-09-21 01:35 | 2024-09-21 |
| 38 | - | | - | - | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument i… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-9036 | 2024-09-21 01:35 | 2024-09-21 |
| 39 | - | | - | - | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login… | New | CWE-89 SQL Injection | CVE-2024-9035 | 2024-09-21 01:35 | 2024-09-21 |
| 40 | - | | - | - | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulatio… | New | CWE-89 SQL Injection | CVE-2024-9034 | 2024-09-21 01:35 | 2024-09-21 |