Latest CVE Feed
-
5.1
MEDIUMCVE-2024-10414
A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possi... Read more
Affected Products : vehicle_record_system- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-10408
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be ini... Read more
Affected Products : blood_bank_management_system- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-10409
A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be init... Read more
Affected Products : blood_bank_management_system- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
7.2
HIGHCVE-2024-10410
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image lea... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
5.4
MEDIUMCVE-2024-10412
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross ... Read more
Affected Products : guns-medial- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
4.3
MEDIUMCVE-2024-7978
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu... Read more
- Published: Aug. 21, 2024
- Modified: Oct. 29, 2024
-
6.5
MEDIUMCVE-2024-7518
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.... Read more
- Published: Aug. 06, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-7255
Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Aug. 01, 2024
- Modified: Oct. 29, 2024
-
4.3
MEDIUMCVE-2024-7004
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium sec... Read more
- Published: Aug. 06, 2024
- Modified: Oct. 29, 2024
-
7.3
HIGHCVE-2024-48459
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a m... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 29, 2024
-
9.6
CRITICALCVE-2024-40867
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.... Read more
- Published: Oct. 28, 2024
- Modified: Oct. 29, 2024
-
6.4
MEDIUMCVE-2023-32189
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 29, 2024
-
9.8
CRITICALCVE-2024-10413
A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestric... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
7.2
HIGHCVE-2024-10411
A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php.... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-10415
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack ca... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-10416
A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may ... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
8.8
HIGHCVE-2024-10417
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to l... Read more
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024
-
4.9
MEDIUMCVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 29, 2024
-
3.3
LOWCVE-2023-25189
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care... Read more
Affected Products :- Published: Sep. 25, 2024
- Modified: Oct. 29, 2024
-
3.3
LOWCVE-2023-20513
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.... Read more
Affected Products :- Published: Aug. 13, 2024
- Modified: Oct. 29, 2024