Latest CVE Feed
-
9.8
CRITICAL CVE-2024-48428
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function....
Affected Products : olivevle
- Published: Oct. 25, 2024
- Modified: Mar. 19, 2025
-
9.8
CRITICAL CVE-2024-48581
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component....
Affected Products : best_courier_management_system
- Published: Oct. 25, 2024
- Modified: May. 06, 2025
-
9.8
CRITICAL CVE-2022-25246
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control...
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-26293
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php....
Affected Products : online_project_time_management_system
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page....
Affected Products : mango
- Published: Oct. 25, 2024
- Modified: Nov. 05, 2024
-
9.8
CRITICAL CVE-2024-48237
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php....
Affected Products : wtcms
- Published: Oct. 25, 2024
- Modified: Apr. 17, 2025
-
9.8
CRITICAL CVE-2024-10418
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injec...
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
9.8
CRITICAL CVE-2024-10422
A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injecti...
Affected Products : attendance_and_payroll_system
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
9.8
CRITICAL CVE-2024-10424
A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Projec...
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
9.8
CRITICAL CVE-2024-10440
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents....
- Published: Oct. 28, 2024
- Modified: Oct. 31, 2024
-
9.8
CRITICAL CVE-2024-50483
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1....
Affected Products : meetup
- Published: Oct. 28, 2024
- Modified: Oct. 31, 2024
-
9.8
CRITICAL CVE-2024-10426
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the ...
Affected Products : pet_shop_management_system
- Published: Oct. 27, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICAL CVE-2022-0694
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users...
Affected Products : advanced_booking_calendar
- Published: Mar. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-26174
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields....
Affected Products : beekeeper-studio
- Published: Mar. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-26187
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function....
- Published: Mar. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule....
Affected Products : cmswing
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-10431
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the ...
Affected Products : pet_shop_management_system
- Published: Oct. 27, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICAL CVE-2022-23881
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php....
Affected Products : zzzphp
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-26301
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php....
Affected Products : tuzicms
- Published: Mar. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-50476
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through 1.0.1....
Affected Products :
- Published: Oct. 29, 2024
- Modified: Oct. 29, 2024