|
314371
|
- |
|
-
|
-
|
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issu…
|
-
|
CVE-2024-44069
|
2024-10-30 06:35 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314372
|
5.4 |
MEDIUM
Network
|
mecodia
|
feripro
|
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.
|
CWE-79
Cross-site Scripting
|
CVE-2024-41519
|
2024-10-30 06:35 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314373
|
5.3 |
MEDIUM
Network
|
litestream
|
litestream
|
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-th…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-41254
|
2024-10-30 06:35 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314374
|
4.3 |
MEDIUM
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos…
|
CWE-22
Path Traversal
|
CVE-2024-47170
|
2024-10-30 05:59 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314375
|
5.4 |
MEDIUM
Network
|
x2engine
|
x2crm
|
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48120
|
2024-10-30 05:57 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314376
|
7.2 |
HIGH
Network
|
mayurik
|
petrol_pump_management
|
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_f…
|
CWE-89
SQL Injection
|
CVE-2024-10406
|
2024-10-30 05:48 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314377
|
7.2 |
HIGH
Network
|
mayurik
|
petrol_pump_management
|
A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation…
|
CWE-89
SQL Injection
|
CVE-2024-10407
|
2024-10-30 05:47 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314378
|
4.8 |
MEDIUM
Network
|
phpgurukul
|
vehicle_record_system
|
A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argume…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10414
|
2024-10-30 05:46 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314379
|
8.8 |
HIGH
Network
|
fabianros
|
blood_bank_management_system
|
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argum…
|
CWE-89
SQL Injection
|
CVE-2024-10408
|
2024-10-30 05:44 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314380
|
8.8 |
HIGH
Network
|
fabianros
|
blood_bank_management_system
|
A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argum…
|
CWE-89
SQL Injection
|
CVE-2024-10409
|
2024-10-30 05:42 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
