461
|
8.8 |
HIGH
Network
|
snyk
|
snyk_cli
|
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due…
Update
|
CWE-94
Code Injection
|
CVE-2024-48964
|
2024-10-30 22:46 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
462
|
9.8 |
CRITICAL
Network
zzcms
|
zzcms
|
A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilen…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10292
|
2024-10-30 22:40 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
463
|
9.8 |
CRITICAL
Network
zzcms
|
zzcms
|
A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argume…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10293
|
2024-10-30 22:37 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
464
|
9.8 |
CRITICAL
Network
zzcms
|
zzcms
|
A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipu…
Update
|
CWE-89
SQL Injection
|
CVE-2024-10291
|
2024-10-30 22:23 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
465
|
- |
|
-
|
-
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
New
|
-
|
CVE-2024-51304
|
2024-10-30 22:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
466
|
9.8 |
CRITICAL
Network
mayurik
|
best_house_rental_management_system
|
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delet…
Update
|
CWE-89
SQL Injection
|
CVE-2024-10349
|
2024-10-30 22:14 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
467
|
5.4 |
MEDIUM
Network
|
mayurik
|
best_house_rental_management_system
|
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the com…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10348
|
2024-10-30 22:03 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
468
|
- |
|
-
|
-
|
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitizati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9388
|
2024-10-30 20:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
469
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This i…
New
|
CWE-95
Eval Injection
|
CVE-2024-8512
|
2024-10-30 20:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
470
|
- |
|
-
|
-
|
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CS…
Update
|
CWE-331
Insufficient Entropy
|
CVE-2024-6508
|
2024-10-30 20:15 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|