|
251471
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43362
|
2024-10-18 03:14 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251472
|
9.8 |
CRITICAL
Network
|
oretnom23
|
online_veterinary_appointment_system
|
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. Th…
|
CWE-89
SQL Injection
|
CVE-2024-9818
|
2024-10-18 03:13 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251473
|
8.8 |
HIGH
Network
|
blood_bank_system_project
|
blood_bank_system
|
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads…
|
CWE-89
SQL Injection
|
CVE-2024-9817
|
2024-10-18 03:12 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251474
|
9.8 |
CRITICAL
Network
|
taismartfactory
|
qplant_sf
|
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially …
|
CWE-89
SQL Injection
|
CVE-2024-9925
|
2024-10-18 03:09 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251475
|
8.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stor…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43364
|
2024-10-18 03:09 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251476
|
8.8 |
HIGH
Network
|
formosasoft
|
ee-class
|
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulner…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9981
|
2024-10-18 03:05 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251477
|
8.8 |
HIGH
Network
|
formosasoft
|
ee-class
|
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete datab…
|
CWE-89
SQL Injection
|
CVE-2024-9980
|
2024-10-18 03:03 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251478
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing onl…
|
CWE-94
Code Injection
|
CVE-2024-43363
|
2024-10-18 02:58 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251479
|
2.4 |
LOW
Network
|
authzed
|
spicedb
|
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResource…
|
NVD-CWE-Other
|
CVE-2024-48909
|
2024-10-18 02:56 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251480
|
7.5 |
HIGH
Network
|
ss-proj
|
shirasagi
|
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved …
|
CWE-22
Path Traversal
|
CVE-2024-46898
|
2024-10-18 02:52 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
