| 291 | - | | - | - | MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. | New | - | CVE-2024-37845 | 2024-10-26 04:15 | 2024-10-26 |
| 292 | - | | - | - | A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | New | - | CVE-2024-37844 | 2024-10-26 04:15 | 2024-10-26 |
| 293 | 5.4 | MEDIUM, Network | o-dyn | collabtive | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. | Update | CWE-79 Cross-site Scripting | CVE-2024-48707 | 2024-10-26 04:11 | 2024-10-23 |
| 294 | 5.4 | MEDIUM, Network | o-dyn | collabtive | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. | Update | CWE-79 Cross-site Scripting | CVE-2024-48708 | 2024-10-26 04:10 | 2024-10-23 |
| 295 | 8.8 | HIGH, Network | pandorafms | pandora_fms | A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. | Update | CWE-89 SQL Injection | CVE-2024-9987 | 2024-10-26 04:06 | 2024-10-22 |
| 296 | 8.8 | HIGH, Network | pandorafms | pandora_fms | A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. | Update | CWE-22 Path Traversal | CVE-2024-35308 | 2024-10-26 04:06 | 2024-10-22 |
| 297 | 4.8 | MEDIUM, Network | o-dyn | collabtive | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file. | Update | CWE-79 Cross-site Scripting | CVE-2024-46240 | 2024-10-26 04:00 | 2024-10-23 |
| 298 | 7.5 | HIGH, Network | phpgurukul | client_management_system | Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | Update | CWE-89 SQL Injection | CVE-2024-48570 | 2024-10-26 03:59 | 2024-10-23 |
| 299 | 5.4 | MEDIUM, Network | o-dyn | collabtive | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | Update | CWE-79 Cross-site Scripting | CVE-2024-48706 | 2024-10-26 03:58 | 2024-10-23 |
| 300 | 4.3 | MEDIUM, Network | qodeinteractive | qi_addons_for_elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenti… | Update | NVD-CWE-noinfo | CVE-2024-9530 | 2024-10-26 03:52 | 2024-10-23 |