| 305511 | 8.8 | HIGH Network | italtel | embrace | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser… | NVD-CWE-noinfo | CVE-2024-31842 | 2024-10-30 06:35 | 2024-08-21 |
| 305512 | - | | - | - | Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issu… | - | CVE-2024-44069 | 2024-10-30 06:35 | 2024-08-19 |
| 305513 | 5.4 | MEDIUM Network | mecodia | feripro | Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. | CWE-79 Cross-site Scripting | CVE-2024-41519 | 2024-10-30 06:35 | 2024-08-3 |
| 305514 | 5.3 | MEDIUM Network | litestream | litestream | An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-th… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2024-41254 | 2024-10-30 06:35 | 2024-08-1 |
| 305515 | 4.3 | MEDIUM Network | agnai | agnai | Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos… | CWE-22 Path Traversal | CVE-2024-47170 | 2024-10-30 05:59 | 2024-09-27 |
| 305516 | 5.4 | MEDIUM Network | x2engine | x2crm | X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list. | CWE-79 Cross-site Scripting | CVE-2024-48120 | 2024-10-30 05:57 | 2024-10-14 |
| 305517 | 7.2 | HIGH Network | mayurik | petrol_pump_management | A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_f… | CWE-89 SQL Injection | CVE-2024-10406 | 2024-10-30 05:48 | 2024-10-27 |
| 305518 | 7.2 | HIGH Network | mayurik | petrol_pump_management | A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation… | CWE-89 SQL Injection | CVE-2024-10407 | 2024-10-30 05:47 | 2024-10-27 |
| 305519 | 4.8 | MEDIUM Network | phpgurukul | vehicle_record_system | A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argume… | CWE-79 Cross-site Scripting | CVE-2024-10414 | 2024-10-30 05:46 | 2024-10-27 |
| 305520 | 8.8 | HIGH Network | fabianros | blood_bank_management_system | A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argum… | CWE-89 SQL Injection | CVE-2024-10408 | 2024-10-30 05:44 | 2024-10-27 |