ID | CVSS | Summary | Last (major) update | Published
CVE-2024-10740 None
A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection
03-11-2024 - 20:15 03-11-2024 - 20:15
CVE-2024-1163 None
The attacker may exploit a path traversal vulnerability leading to information disclosure.
03-11-2024 - 19:15 13-02-2024 - 15:15
CVE-2024-10739 None
A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as
03-11-2024 - 18:15 03-11-2024 - 18:15
CVE-2024-10738 None
A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The a
03-11-2024 - 17:15 03-11-2024 - 17:15
CVE-2024-7473 None
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the re
03-11-2024 - 17:15 29-10-2024 - 13:15
CVE-2024-6959 None
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously proces
03-11-2024 - 17:15 13-10-2024 - 13:15
CVE-2024-7038 None
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides
03-11-2024 - 17:15 09-10-2024 - 19:15
CVE-2024-6582 None
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vuln
03-11-2024 - 17:15 13-09-2024 - 17:15
CVE-2024-2965 None
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to pre
03-11-2024 - 17:15 06-06-2024 - 19:15
CVE-2024-3408 None
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-3102 None
A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values
03-11-2024 - 17:15 06-06-2024 - 19:15
CVE-2024-5128 None
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_va
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-5130 None
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset delet
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-4888 None
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includ
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-5131 None
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-3033 None
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, includ
03-11-2024 - 17:15 06-06-2024 - 18:15
CVE-2024-5127 None
In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises
03-11-2024 - 17:15 06-06-2024 - 18:15
CVE-2024-5248 None
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt management and pr
03-11-2024 - 17:15 06-06-2024 - 19:16
CVE-2024-10736 None
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The
03-11-2024 - 15:15 03-11-2024 - 15:15
CVE-2024-10737 None
A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to
03-11-2024 - 15:15 03-11-2024 - 15:15
CVE-2024-10735 None
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injecti
03-11-2024 - 14:15 03-11-2024 - 14:15
CVE-2024-10734 None
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is
03-11-2024 - 13:15 03-11-2024 - 13:15
CVE-2024-10733 None
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack ma
03-11-2024 - 12:15 03-11-2024 - 12:15
CVE-2024-10732 None
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql
03-11-2024 - 11:15 03-11-2024 - 11:15
CVE-2024-10731 None
A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the
03-11-2024 - 10:15 03-11-2024 - 10:15
CVE-2024-10730 None
A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may
03-11-2024 - 09:15 03-11-2024 - 09:15
CVE-2024-7081 None
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument id/title leads to sql injection
02-11-2024 - 19:15 24-07-2024 - 21:15
CVE-2024-10701 None
A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack
02-11-2024 - 18:15 02-11-2024 - 18:15
CVE-2024-10702 None
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the
02-11-2024 - 18:15 02-11-2024 - 18:15
CVE-2024-10700 None
A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdat
02-11-2024 - 16:15 02-11-2024 - 16:15
CVE-2024-10699 None
A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible
02-11-2024 - 15:15 02-11-2024 - 15:15
CVE-2024-10698 None
A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflo
02-11-2024 - 14:15 02-11-2024 - 14:15
CVE-2024-10697 None
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The lea
02-11-2024 - 12:15 02-11-2024 - 12:15
CVE-2024-9896 None
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5
02-11-2024 - 08:15 02-11-2024 - 08:15
CVE-2024-51774 None
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.
02-11-2024 - 06:15 02-11-2024 - 06:15
CVE-2024-10310 None
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to,
02-11-2024 - 02:15 02-11-2024 - 02:15
CVE-2024-10540 None
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insuff
02-11-2024 - 02:15 02-11-2024 - 02:15
CVE-2024-8739 None
The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible f
02-11-2024 - 02:15 02-11-2024 - 02:15
CVE-2024-9868 None
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including
02-11-2024 - 02:15 02-11-2024 - 02:15
CVE-2024-9191 None
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vu
01-11-2024 - 22:15 01-11-2024 - 22:15
CVE-2024-48359 None
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.
01-11-2024 - 21:35 31-10-2024 - 20:15
CVE-2024-48360 None
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.
01-11-2024 - 21:35 31-10-2024 - 20:15
CVE-2024-51066 None
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
01-11-2024 - 21:35 31-10-2024 - 19:15
CVE-2024-44159 None
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
01-11-2024 - 21:35 28-10-2024 - 21:15
CVE-2024-37879 None
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
01-11-2024 - 21:35 20-09-2024 - 17:15
CVE-2024-7084 None
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
01-11-2024 - 21:35 06-08-2024 - 06:15
CVE-2024-28882 None
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
01-11-2024 - 21:35 08-07-2024 - 22:15
CVE-2024-23269 None
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the
01-11-2024 - 21:35 08-03-2024 - 02:15
CVE-2024-25559 None
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
01-11-2024 - 21:35 15-02-2024 - 05:15
CVE-2024-44232 None
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video
01-11-2024 - 21:15 01-11-2024 - 21:15