|
312811
|
8.8 |
HIGH
Network
|
e-bmsoft
|
bmplanning
|
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parame…
|
CWE-89
SQL Injection
|
CVE-2024-28298
|
2024-09-11 23:54 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312812
|
9.6 |
CRITICAL
Network
|
monkeytype
|
monkeytype
|
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attac…
|
CWE-94
Code Injection
|
CVE-2024-41127
|
2024-09-11 23:52 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312813
|
8.8 |
HIGH
Network
|
dlink
|
di-8100_firmware
|
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd …
|
CWE-77
Command Injection
|
CVE-2024-7436
|
2024-09-11 23:41 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312814
|
4.3 |
MEDIUM
Network
|
simplemachines
|
simple_machines_forum
|
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=sho…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7438
|
2024-09-11 23:39 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312815
|
4.3 |
MEDIUM
Network
|
simplemachines
|
simple_machines_forum
|
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the co…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7437
|
2024-09-11 23:39 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312816
|
9.1 |
CRITICAL
Network
|
ibm
|
planning_analytics_workspace
planning_analytics_local
|
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-35143
|
2024-09-11 23:34 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312817
|
6.1 |
MEDIUM
Network
|
ai3
|
qbibot
|
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7204
|
2024-09-11 23:23 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312818
|
6.5 |
MEDIUM
Network
|
digiwin
|
easyflow_.net
|
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vuln…
|
CWE-22
Path Traversal
|
CVE-2024-7323
|
2024-09-11 23:22 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312819
|
9.8 |
CRITICAL
Network
|
forip
|
administracao_pabx
|
A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the compo…
|
CWE-89
SQL Injection
|
CVE-2024-7461
|
2024-09-11 23:16 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312820
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-7805
|
2024-09-11 23:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
