41
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access…
New
|
CWE-284
Improper Access Control
|
CVE-2024-10353
|
2024-10-25 09:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
42
|
- |
|
-
|
-
|
A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Han…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2024-10351
|
2024-10-25 09:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
43
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulatio…
New
|
CWE-89
SQL Injection
|
CVE-2024-10350
|
2024-10-25 08:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
44
|
- |
|
-
|
-
|
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the for…
New
|
CWE-22
Path Traversal
|
CVE-2024-49760
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
45
|
- |
|
-
|
-
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in Zi…
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-49359
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
46
|
- |
|
-
|
-
|
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their current password in a query parameter will…
New
|
CWE-313
Cleartext Storage in a File or on Disk
|
CVE-2024-49762
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
47
|
- |
|
-
|
-
|
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the loggin…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-49750
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
48
|
- |
|
-
|
-
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS …
New
|
-
|
CVE-2024-49358
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
- |
|
-
|
-
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/use…
New
|
CWE-200
Information Exposure
|
CVE-2024-49357
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
50
|
- |
|
-
|
-
|
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the …
New
|
-
|
CVE-2024-41618
|
2024-10-25 07:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|