|
312491
|
5.4 |
MEDIUM
Network
|
jegstudio
|
gutenverse
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43920
|
2024-09-4 23:06 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312492
|
9.8 |
CRITICAL
Network
|
propovoice
|
propovoice
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a throug…
|
CWE-89
SQL Injection
|
CVE-2024-43941
|
2024-09-4 22:40 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312493
|
6.5 |
MEDIUM
Network
|
serilog-contrib
|
serilog-enrichers-clientinfo
|
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or…
|
NVD-CWE-noinfo
|
CVE-2024-44930
|
2024-09-4 21:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312494
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43776
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312495
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43775
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312496
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid param…
|
CWE-89
SQL Injection
|
CVE-2024-43774
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312497
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43773
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312498
|
8.1 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attack…
|
CWE-863
Incorrect Authorization
|
CVE-2024-45588
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312499
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remot…
|
NVD-CWE-Other
|
CVE-2024-45587
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312500
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote…
|
NVD-CWE-Other
|
CVE-2024-45586
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
