91 | 9.8 | CRITICAL | Network | sfs | insuree_gl | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | Update | CWE-89 SQL Injection | CVE-2024-6401 | 2024-09-21 02:07 | 2024-09-17 |
92 | 7.8 | HIGH | Local | refuel | autolabel | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a use… | Update | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2024-27321 | 2024-09-21 02:06 | 2024-09-12 |
93 | 8.8 | HIGH | Network | oretnom23 | simple_forum/discussion_system | A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argu… | New | CWE-22 Path Traversal | CVE-2024-9032 | 2024-09-21 02:04 | 2024-09-20 |
94 | 9.8 | CRITICAL | Network | best_online_news_portal_project | best_online_news_portal | A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section.… | New | CWE-89 SQL Injection | CVE-2024-9008 | 2024-09-21 02:01 | 2024-09-20 |
95 | 8.1 | HIGH | Network | totolink | a720r_firmware | A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack… | Update | CWE-78 OS Command | CVE-2024-8869 | 2024-09-21 01:59 | 2024-09-15 |
96 | 7.5 | HIGH | Network | xiaohe4966 | tpmecms | A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipu… | Update | CWE-22 Path Traversal | CVE-2024-8876 | 2024-09-21 01:58 | 2024-09-16 |
97 | 6.7 | MEDIUM | Local | cisco | identity_services_engine | A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system a… | Update | CWE-78 OS Command | CVE-2024-20469 | 2024-09-21 01:58 | 2024-09-5 |
98 | 4.7 | MEDIUM | Network | send_project | send | Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0… | Update | CWE-79 Cross-site Scripting | CVE-2024-43799 | 2024-09-21 01:57 | 2024-09-11 |
99 | 7.5 | HIGH | Network | opendaylight | authentication_authorization_and_accounting | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue con… | Update | NVD-CWE-noinfo | CVE-2024-46943 | 2024-09-21 01:56 | 2024-09-16 |
100 | 8.8 | HIGH | Network | qnap | qts, quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execu… | Update | CWE-120 Classic Buffer Overflow; CWE-122 Heap-based Buffer Overflow | CVE-2024-32763 | 2024-09-21 01:49 | 2024-09-7 |