|
316591
|
- |
|
-
|
-
|
Rejected reason: Invalid security issue.
|
-
|
CVE-2024-6716
|
2024-09-4 23:15 |
2024-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316592
|
6.1 |
MEDIUM
Network
|
magic-post-thumbnail
|
magic_post_thumbnail
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43921
|
2024-09-4 23:12 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316593
|
5.4 |
MEDIUM
Network
|
jegstudio
|
gutenverse
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43920
|
2024-09-4 23:06 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316594
|
9.8 |
CRITICAL
Network
|
propovoice
|
propovoice
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a throug…
|
CWE-89
SQL Injection
|
CVE-2024-43941
|
2024-09-4 22:40 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316595
|
6.5 |
MEDIUM
Network
|
serilog-contrib
|
serilog-enrichers-clientinfo
|
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or…
|
NVD-CWE-noinfo
|
CVE-2024-44930
|
2024-09-4 21:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316596
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43776
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316597
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43775
|
2024-09-4 21:27 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316598
|
8.8 |
HIGH
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid param…
|
CWE-89
SQL Injection
|
CVE-2024-43774
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316599
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43773
|
2024-09-4 21:26 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316600
|
8.1 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attack…
|
CWE-863
Incorrect Authorization
|
CVE-2024-45588
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
