Latest CVE Feed
-
7.2
CVSS31CVE-2024-10298
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argumen... Read more
Affected Products : medical_card_generation_system- Published: Oct. 23, 2024
- Modified: Oct. 25, 2024
-
7.2
CVSS31CVE-2024-10299
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argume... Read more
Affected Products : medical_card_generation_system- Published: Oct. 23, 2024
- Modified: Oct. 25, 2024
-
7.2
CVSS31CVE-2024-10300
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the ... Read more
Affected Products : medical_card_generation_system- Published: Oct. 23, 2024
- Modified: Oct. 25, 2024
-
7.2
CVSS31CVE-2024-10301
A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata l... Read more
Affected Products : medical_card_generation_system- Published: Oct. 23, 2024
- Modified: Oct. 25, 2024
-
9.1
CVSS31CVE-2024-48143
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.... Read more
Affected Products :- Published: Oct. 24, 2024
- Modified: Oct. 25, 2024
-
7.5
CVSS31CVE-2024-48142
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more
Affected Products :- Published: Oct. 24, 2024
- Modified: Oct. 25, 2024
-
6.4
CVSS31CVE-2024-9585
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
5.4
CVSS31CVE-2024-9584
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
0.0
NONECVE-2024-48700
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
0.0
NONECVE-2024-48448
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
0.0
NONECVE-2024-48343
A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
7.4
CVSS31CVE-2024-47033
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
5.1
CVSS31CVE-2024-47028
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
7.4
CVSS31CVE-2024-47027
In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
5.1
CVSS31CVE-2024-47026
In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
5.1
CVSS31CVE-2024-47025
In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
7.4
CVSS31CVE-2024-47024
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
7.4
CVSS31CVE-2024-44098
In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
5.9
CVSS31CVE-2024-8036
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, becom... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024
-
0.0
NONECVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 25, 2024