Latest CVE Feed
-
10.0
CVSS31CVE-2024-49257
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
9.8
CVSS31CVE-2024-49247
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
9.1
CVSS31CVE-2024-48042
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.... Read more
Affected Products : contact_form- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.3
CVSS31CVE-2024-10024
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic... Read more
Affected Products : pharmacy_management_system- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.3
CVSS31CVE-2024-10023
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name lead... Read more
Affected Products : pharmacy_management_system- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.6
CVSS31CVE-2023-32196
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.... Read more
Affected Products : rancher- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.2
CVSS31CVE-2023-32194
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, cr... Read more
Affected Products : rancher- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.3
CVSS31CVE-2023-32193
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.3
CVSS31CVE-2023-32192
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
9.9
CVSS31CVE-2023-32191
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.3
CVSS31CVE-2020-36841
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.7
CVSS31CVE-2024-8040
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.... Read more
Affected Products : 3dexperience- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.7
CVSS31CVE-2024-6380
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more
Affected Products : 3dexperience- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.3
CVSS31CVE-2024-10022
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is pos... Read more
Affected Products : pharmacy_management_system- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.3
CVSS31CVE-2024-10021
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the a... Read more
Affected Products : pharmacy_management_system- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.8
CVSS31CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024