Latest CVE Feed
-
9.8
CRITICALCVE-2024-4932
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument i... Read more
Affected Products : simple_online_bidding_system- Published: May. 16, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code exec... Read more
Affected Products : canto- Published: Jun. 14, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0006
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of... Read more
- Published: Jan. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4933
A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The man... Read more
Affected Products : simple_online_bidding_system- Published: May. 16, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2024-4921
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads... Read more
- Published: May. 16, 2024
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2018-8800
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.... Read more
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4916
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql inject... Read more
Affected Products : online_examination_system- Published: May. 15, 2024
- Modified: Feb. 21, 2025
-
9.8
CRITICALCVE-2018-8786
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.... Read more
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4945
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is pos... Read more
- Published: May. 16, 2024
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2024-4915
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file result.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attac... Read more
Affected Products : online_examination_system- Published: May. 15, 2024
- Modified: Feb. 21, 2025
-
9.8
CRITICALCVE-2024-4928
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipula... Read more
Affected Products : simple_online_bidding_system- Published: May. 16, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2024-4917
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The at... Read more
Affected Products : online_examination_system- Published: May. 15, 2024
- Modified: Feb. 21, 2025
-
9.8
CRITICALCVE-2024-4884
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.... Read more
Affected Products : whatsup_gold- Published: Jun. 25, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7761
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.... Read more
Affected Products : 140cpu65150_firmware 140cpu65160_firmware bmxnor0200h_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp342020h_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp3420302h_firmware +104 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7753
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allo... Read more
Affected Products : bleach- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is complet... Read more
- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-35619
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.... Read more
- Published: Aug. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4825
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.... Read more
Affected Products : cockpit- Published: May. 14, 2024
- Modified: Jun. 27, 2025
-
9.8
CRITICALCVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, ... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5154
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024