|
961
|
9.8 |
CRITICAL
Network
sun.net
|
ehdr_ctms
|
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
Update
|
CWE-89
SQL Injection
|
CVE-2024-10440
|
2024-10-31 09:34 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
962
|
9.8 |
CRITICAL
Network
stacksmarket
|
stacks_mobile_app_builder
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-50477
|
2024-10-31 09:24 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
963
|
9.8 |
CRITICAL
Network
maantheme
|
maanstore_api
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-50487
|
2024-10-31 09:17 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
964
|
9.8 |
CRITICAL
Network
realtyworkstation
|
realty_workstation
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-50489
|
2024-10-31 09:16 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
965
|
8.8 |
HIGH
Network
|
oretnom23
|
packers_and_movers_management_system
|
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page…
Update
|
CWE-89
SQL Injection
|
CVE-2024-48427
|
2024-10-31 09:07 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
7.8 |
HIGH
Local
|
google
|
android
|
In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no addi…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-47035
|
2024-10-31 09:05 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
5.5 |
MEDIUM
Local
|
dell
|
data_lakehouse
|
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with…
Update
|
CWE-89
SQL Injection
|
CVE-2024-47483
|
2024-10-31 09:01 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
6.5 |
MEDIUM
Adjacent
|
dell
|
data_lakehouse
|
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerabi…
Update
|
NVD-CWE-Other
|
CVE-2024-47481
|
2024-10-31 09:01 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
5.4 |
MEDIUM
Network
|
butlerblog
|
wp-members
|
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insuf…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10374
|
2024-10-31 09:00 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
9.8 |
CRITICAL
Network
esafenet
|
cdg
|
A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The …
Update
|
CWE-89
SQL Injection
|
CVE-2024-10378
|
2024-10-31 08:58 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
