|
111
|
7.1 |
HIGH
Local
|
sap
|
host_agent
|
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentia…
New
|
NVD-CWE-noinfo
|
CVE-2024-47595
|
2024-11-15 00:21 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
8.8 |
HIGH
Network
|
tenda
|
ac10_firmware
|
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk…
Update
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2024-11056
|
2024-11-15 00:21 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
8.8 |
HIGH
Local
|
microsoft
|
windows_server_2025
windows_10_1809
windows_server_2019
windows_server_2022
windows_10_21h2
windows_11_22h2
windows_10_22h2
windows_11_23h2
windows_server_2022_23h2
windows…
|
Windows Task Scheduler Elevation of Privilege Vulnerability
New
|
NVD-CWE-noinfo
|
CVE-2024-49039
|
2024-11-15 00:20 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
9.8 |
CRITICAL
Network
1000projects
|
beauty_parlour_management_system
|
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.ph…
Update
|
CWE-89
SQL Injection
|
CVE-2024-11055
|
2024-11-15 00:18 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
115
|
6.1 |
MEDIUM
Network
|
10web
|
form_maker
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate esc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10265
|
2024-11-15 00:17 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS…
New
|
-
|
CVE-2024-7124
|
2024-11-15 00:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_…
New
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2024-11212
|
2024-11-15 00:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in EyouCMS 1.5.6. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is pos…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11211
|
2024-11-15 00:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
- |
|
-
|
-
|
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the ar…
New
|
CWE-22
Path Traversal
|
CVE-2024-11210
|
2024-11-15 00:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
7.5 |
HIGH
Network
-
|
-
|
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
New
|
CWE-20
Improper Input Validation
|
CVE-2022-2232
|
2024-11-15 00:15 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
