ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-48007 | Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A... | | |
CVE-2024-48008 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A Low p... | | |
CVE-2024-48010 | Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an acc... | | |
CVE-2024-48011 | Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to a... | | |
CVE-2024-48013 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Exe... | | |
CVE-2024-48015 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp... | | |
CVE-2024-48016 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken o... | | |
CVE-2024-48017 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp... | | |
CVE-2024-48019 | Apache Doris: allows admin users to read arbitrary files through the REST API | | |
CVE-2024-48020 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - SQL Injection vulnerability | S | |
CVE-2024-48021 | WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-48022 | WordPress Shortcode For Elementor Templates plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-48023 | WordPress Restaurant Reservations Widget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-48024 | WordPress Keep Backup Daily plugin <=2.0.7 - Sensitive Data Exposure vulnerability | | |
CVE-2024-48025 | WordPress Simple Baseball Scoreboard plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-48026 | WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability | | |
CVE-2024-48027 | WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability | | |
CVE-2024-48028 | WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability | | |
CVE-2024-48029 | WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability | S | |
CVE-2024-48030 | WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability | | |
CVE-2024-48031 | WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-48032 | WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-48033 | WordPress Talkback plugin <= 1.0 - PHP Object Injection vulnerability | | |
CVE-2024-48034 | WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-48035 | WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability | | |
CVE-2024-48036 | WordPress SKT Blocks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-48037 | WordPress Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin <= 1.4.2 - CSRF vulnerability | S | |
CVE-2024-48038 | WordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-48039 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability | S | |
CVE-2024-48040 | WordPress Tainacan plugin <= 0.21.8 - SQL Injection vulnerability | S | |
CVE-2024-48041 | WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability | S | |
CVE-2024-48042 | WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-48043 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability | S | |
CVE-2024-48044 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability | S | |
CVE-2024-48045 | WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability | S | |
CVE-2024-48046 | WordPress Contact Form by Supsystic plugin <= 1.7.28 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-48047 | WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-48048 | WordPress Wsify Widget plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2024-48049 | WordPress Mighty Builder plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-48050 | In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_ca... | | |
CVE-2024-48052 | In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) v... | E | |
CVE-2024-48057 | localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and ... | | |
CVE-2024-48059 | gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting ... | E | |
CVE-2024-48061 | langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code fu... | E | |
CVE-2024-48063 | In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple par... | E | |
CVE-2024-48068 | A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and ... | | |
CVE-2024-48069 | A vulnerability in Weaver E-cology allows attackers to use race conditions to bypass security... | | |
CVE-2024-48070 | An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code ... | | |
CVE-2024-48071 | E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to dele... | | |
CVE-2024-48072 | Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobil... | | |
CVE-2024-48073 | sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/updat... | | |
CVE-2024-48074 | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attac... | E | |
CVE-2024-48075 | A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from ... | | |
CVE-2024-48080 | An issue in aedes v0.51.2 allows attackers to cause a Denial of Service (DoS) via a crafted request. ... | | |
CVE-2024-48091 | Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component ... | | |
CVE-2024-48093 | Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to ach... | | |
CVE-2024-48107 | SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows att... | | |
CVE-2024-48112 | A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 ... | E | |
CVE-2024-48119 | Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users ca... | E | |
CVE-2024-48120 | X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An at... | E | |
CVE-2024-48121 | The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over th... | | |
CVE-2024-48122 | Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers wit... | | |
CVE-2024-48123 | An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute ... | | |
CVE-2024-48125 | An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user c... | | |
CVE-2024-48126 | HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor... | | |
CVE-2024-48138 | A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.p... | | |
CVE-2024-48139 | A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access an... | | |
CVE-2024-48140 | A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot p... | | |
CVE-2024-48141 | A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to acc... | | |
CVE-2024-48142 | A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assist... | | |
CVE-2024-48143 | A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.... | | |
CVE-2024-48144 | A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.... | | |
CVE-2024-48145 | A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 a... | | |
CVE-2024-48150 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.... | | |
CVE-2024-48153 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and ex... | | |
CVE-2024-48168 | A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-9... | | |
CVE-2024-48170 | PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected ... | | |
CVE-2024-48176 | Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of log... | | |
CVE-2024-48177 | MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do... | E | |
CVE-2024-48178 | newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg paramet... | E | |
CVE-2024-48180 | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can... | | |
CVE-2024-48191 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /a... | E | |
CVE-2024-48192 | Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /et... | E | |
CVE-2024-48195 | Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive i... | | |
CVE-2024-48196 | An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted s... | | |
CVE-2024-48197 | Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalat... | | |
CVE-2024-48200 | An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary cod... | | |
CVE-2024-48202 | icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.... | E | |
CVE-2024-48204 | SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker ... | | |
CVE-2024-48206 | A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbi... | | |
CVE-2024-48208 | pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the doml... | | |
CVE-2024-48213 | RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.... | | |
CVE-2024-48214 | KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connec... | | |
CVE-2024-48217 | An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to ex... | | |
CVE-2024-48218 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.... | E | |
CVE-2024-48222 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.... | E | |
CVE-2024-48223 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.... | E | |
CVE-2024-48224 | Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.... | E | |
CVE-2024-48225 | Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.... | E | |
CVE-2024-48226 | Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.... | E | |
CVE-2024-48227 | Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result ... | E | |
CVE-2024-48228 | An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php ... | E | |
CVE-2024-48229 | funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.... | | |
CVE-2024-48230 | funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \... | E | |
CVE-2024-48231 | Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of ... | E | |
CVE-2024-48232 | An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php... | E | |
CVE-2024-48233 | mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.p... | E | |
CVE-2024-48234 | An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the... | | |
CVE-2024-48235 | An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of th... | E | |
CVE-2024-48236 | An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream ... | E | |
CVE-2024-48237 | WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.p... | E | |
CVE-2024-48238 | WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.cla... | E | |
CVE-2024-48239 | An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app ... | E | |
CVE-2024-48241 | An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via t... | | |
CVE-2024-48245 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable PO... | M | |
CVE-2024-48246 | Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Nam... | E M | |
CVE-2024-48248 | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via... | KEV E | |
CVE-2024-48249 | Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, ... | E S | |
CVE-2024-48251 | Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, pro... | E S | |
CVE-2024-48253 | Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.... | | |
CVE-2024-48255 | Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.... | | |
CVE-2024-48257 | Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection.... | E S | |
CVE-2024-48259 | Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.... | E | |
CVE-2024-48261 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-48251. Reason: This candidat... | R | |
CVE-2024-48270 | An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via... | E | |
CVE-2024-48271 | D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrat... | E | |
CVE-2024-48272 | D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly ... | E | |
CVE-2024-48278 | Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Requ... | E M | |
CVE-2024-48279 | A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Log... | E M | |
CVE-2024-48280 | A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Logi... | E | |
CVE-2024-48282 | A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & ... | E M | |
CVE-2024-48283 | Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection i... | E | |
CVE-2024-48284 | A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the... | E | |
CVE-2024-48286 | Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.... | E | |
CVE-2024-48288 | TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicio... | E | |
CVE-2024-48289 | An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers ... | | |
CVE-2024-48290 | An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attack... | | |
CVE-2024-48291 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAc... | E | |
CVE-2024-48292 | An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Sec... | | |
CVE-2024-48293 | Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated atta... | | |
CVE-2024-48294 | A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 all... | | |
CVE-2024-48307 | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragD... | E | |
CVE-2024-48310 | AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the sou... | | |
CVE-2024-48311 | Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album func... | E | |
CVE-2024-48312 | WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the l... | | |
CVE-2024-48322 | UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.... | | |
CVE-2024-48325 | Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "Inst... | | |
CVE-2024-48336 | The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not ... | | |
CVE-2024-48342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-48343 | A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary ... | E | |
CVE-2024-48346 | xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/uploa... | | |
CVE-2024-48352 | Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server resp... | | |
CVE-2024-48353 | Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a fr... | | |
CVE-2024-48356 | LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.... | E | |
CVE-2024-48357 | LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.... | E | |
CVE-2024-48359 | Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridVal... | E | |
CVE-2024-48360 | Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /req... | E | |
CVE-2024-48392 | OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious Ja... | E | |
CVE-2024-48394 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD P... | | |
CVE-2024-48396 | AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is ex... | | |
CVE-2024-48406 | Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an atta... | | |
CVE-2024-48410 | Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitr... | | |
CVE-2024-48411 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) v... | E | |
CVE-2024-48415 | itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted p... | | |
CVE-2024-48416 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/f... | E | |
CVE-2024-48417 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in... | E | |
CVE-2024-48418 | In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not p... | E | |
CVE-2024-48419 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/... | E | |
CVE-2024-48420 | Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/g... | E | |
CVE-2024-48423 | An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRe... | E | |
CVE-2024-48424 | A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure functi... | E | |
CVE-2024-48425 | A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode... | E | |
CVE-2024-48426 | A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp l... | E | |
CVE-2024-48427 | A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows rem... | | |
CVE-2024-48428 | An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password func... | E | |
CVE-2024-48440 | Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12... | | |
CVE-2024-48441 | Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was d... | | |
CVE-2024-48442 | Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG... | | |
CVE-2024-48445 | An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the... | E | |
CVE-2024-48448 | An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitra... | | |
CVE-2024-48450 | An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitra... | | |
CVE-2024-48453 | An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the Ex... | | |
CVE-2024-48454 | An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute... | | |
CVE-2024-48455 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.... | E | |
CVE-2024-48456 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.... | | |
CVE-2024-48457 | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.... | | |
CVE-2024-48459 | A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Techn... | | |
CVE-2024-48460 | An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the se... | | |
CVE-2024-48461 | Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attack... | | |
CVE-2024-48463 | Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for openi... | | |
CVE-2024-48465 | The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specif... | | |
CVE-2024-48509 | Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fai... | | |
CVE-2024-48510 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execu... | S | |
CVE-2024-48514 | php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can uploa... | | |
CVE-2024-48530 | An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows at... | | |
CVE-2024-48531 | A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Plan... | | |
CVE-2024-48533 | A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? modu... | | |
CVE-2024-48534 | A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.2... | | |
CVE-2024-48535 | A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers t... | | |
CVE-2024-48536 | Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions pe... | | |
CVE-2024-48538 | Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows att... | | |
CVE-2024-48539 | Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanis... | | |
CVE-2024-48540 | Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by ... | | |
CVE-2024-48541 | Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allow... | | |
CVE-2024-48542 | Incorrect access control in the firmware update and download processes of Yamaha Headphones Controll... | | |
CVE-2024-48544 | Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3... | | |
CVE-2024-48545 | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows at... | | |
CVE-2024-48546 | Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows at... | | |
CVE-2024-48547 | Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 a... | | |
CVE-2024-48548 | The APK file in Cloud Smart Lock v2.0.1 has leaked a URL that can call an API for binding physical... | | |
CVE-2024-48569 | Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabil... | | |
CVE-2024-48570 | Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between... | E | |
CVE-2024-48572 | A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to... | | |
CVE-2024-48573 | A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to ... | | |
CVE-2024-48579 | SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a rem... | E | |
CVE-2024-48580 | SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker ... | E | |
CVE-2024-48581 | File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to... | E | |
CVE-2024-48589 | Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execu... | | |
CVE-2024-48590 | Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderSer... | | |
CVE-2024-48591 | Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file... | | |
CVE-2024-48594 | File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbi... | E | |
CVE-2024-48597 | Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2024-48605 | An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via ... | E | |
CVE-2024-48615 | Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar i... | E | |
CVE-2024-48622 | A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject Java... | E | |
CVE-2024-48623 | In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET reque... | E | |
CVE-2024-48624 | In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be explo... | E | |
CVE-2024-48629 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48630 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48631 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48632 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command inj... | | |
CVE-2024-48633 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command inj... | | |
CVE-2024-48634 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48635 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48636 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48637 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48638 | D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection ... | | |
CVE-2024-48644 | Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Ver... | | |
CVE-2024-48645 | In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE... | | |
CVE-2024-48646 | An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users ... | E | |
CVE-2024-48647 | A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attacke... | E | |
CVE-2024-48648 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerabi... | E | |
CVE-2024-48651 | In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to... | | |
CVE-2024-48652 | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitra... | E | |
CVE-2024-48654 | Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary c... | | |
CVE-2024-48655 | An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js fi... | E | |
CVE-2024-48656 | Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allo... | E | |
CVE-2024-48657 | SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a r... | E | |
CVE-2024-48659 | An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_... | | |
CVE-2024-48662 | Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attac... | | |
CVE-2024-48694 | File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0... | | |
CVE-2024-48700 | Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to imp... | | |
CVE-2024-48702 | PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata pa... | E | |
CVE-2024-48703 | PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin... | E M | |
CVE-2024-48704 | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.ph... | E | |
CVE-2024-48706 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add o... | E | |
CVE-2024-48707 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=a... | E | |
CVE-2024-48708 | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file taskli... | E | |
CVE-2024-48709 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the memb... | E | |
CVE-2024-48710 | In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name wit... | E | |
CVE-2024-48712 | In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without ch... | E | |
CVE-2024-48713 | In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name with... | E | |
CVE-2024-48714 | In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name withou... | E | |
CVE-2024-48729 | An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0... | | |
CVE-2024-48730 | The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not imp... | | |
CVE-2024-48733 | SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows ... | | |
CVE-2024-48734 | Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.... | | |
CVE-2024-48735 | Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studi... | | |
CVE-2024-48743 | Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary c... | E M | |
CVE-2024-48744 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPG... | E M | |
CVE-2024-48746 | An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbi... | | |
CVE-2024-48747 | An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli f... | | |
CVE-2024-48758 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro para... | E | |
CVE-2024-48760 | An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload f... | E | |
CVE-2024-48761 | Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inje... | E | |
CVE-2024-48766 | NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ign... | E M | |
CVE-2024-48768 | An issue in almando GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obt... | | |
CVE-2024-48769 | An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensit... | | |
CVE-2024-48770 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensiti... | | |
CVE-2024-48771 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtai... | | |
CVE-2024-48772 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive info... | | |
CVE-2024-48773 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware ... | | |
CVE-2024-48774 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sen... | | |
CVE-2024-48775 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive ... | | |
CVE-2024-48776 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information vi... | | |
CVE-2024-48777 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information v... | | |
CVE-2024-48778 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker... | | |
CVE-2024-48779 | An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to ... | | |
CVE-2024-48781 | An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker ... | | |
CVE-2024-48782 | File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute... | | |
CVE-2024-48783 | An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via t... | | |
CVE-2024-48784 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to... | | |
CVE-2024-48786 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to o... | | |
CVE-2024-48787 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sen... | | |
CVE-2024-48788 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive info... | | |
CVE-2024-48789 | An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitv... | | |
CVE-2024-48790 | An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive informati... | | |
CVE-2024-48791 | An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain... | | |
CVE-2024-48792 | An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via t... | | |
CVE-2024-48793 | An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive informati... | | |
CVE-2024-48795 | An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to o... | | |
CVE-2024-48796 | An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via ... | | |
CVE-2024-48797 | An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to... | | |
CVE-2024-48798 | An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obt... | | |
CVE-2024-48799 | An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain s... | | |
CVE-2024-48806 | Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate atta... | | |
CVE-2024-48807 | Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a... | | |
CVE-2024-48809 | An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote ... | E | |
CVE-2024-48813 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic... | | |
CVE-2024-48814 | SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive informa... | E S | |
CVE-2024-48818 | An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute... | E | |
CVE-2024-48821 | Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d505... | | |
CVE-2024-48822 | Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941... | | |
CVE-2024-48823 | Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941... | | |
CVE-2024-48824 | An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 al... | | |
CVE-2024-48825 | Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote at... | E | |
CVE-2024-48826 | Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote atta... | E | |
CVE-2024-48827 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalat... | | |
CVE-2024-48828 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp... | | |
CVE-2024-48830 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp... | | |
CVE-2024-48831 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnera... | | |
CVE-2024-48837 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Exe... | | |
CVE-2024-48838 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a File... | | |
CVE-2024-48839 | Remote Code Execution, RCE | | |
CVE-2024-48840 | Unauthorized Access | | |
CVE-2024-48841 | Remote Code Execution (RCE) Vulnerabilities | | |
CVE-2024-48843 | Denial of Service, DoS | | |
CVE-2024-48844 | Denial of Service, DoS | | |
CVE-2024-48845 | Weak Password Rules/Strength | | |
CVE-2024-48846 | Cross-Site Request Forgery, CSRF | | |
CVE-2024-48847 | MD5 bypass operation | | |
CVE-2024-48848 | LARGECONTENT - device disk overutilization | | |
CVE-2024-48849 | Authentication and Authorization Issues | | |
CVE-2024-48850 | Authenticated Absolute Path Traversal | | |
CVE-2024-48852 | Information disclosures | | |
CVE-2024-48853 | Authenticated Escalation to guest to root | | |
CVE-2024-48854 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform | | |
CVE-2024-48855 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform | | |
CVE-2024-48856 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform | | |
CVE-2024-48857 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform | | |
CVE-2024-48858 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform | | |
CVE-2024-48859 | QTS, QuTS hero | S | |
CVE-2024-48860 | QHora | S | |
CVE-2024-48861 | QHora | S | |
CVE-2024-48862 | QuLog Center | S | |
CVE-2024-48863 | License Center | S | |
CVE-2024-48864 | File Station 5 | S | |
CVE-2024-48865 | QTS, QuTS hero | S | |
CVE-2024-48866 | QTS, QuTS hero | S | |
CVE-2024-48867 | QTS, QuTS hero | S | |
CVE-2024-48868 | QTS, QuTS hero | S | |
CVE-2024-48869 | Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 process... | | |
CVE-2024-48870 | Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a s... | | |
CVE-2024-48871 | Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow | S | |
CVE-2024-48872 | Bypass of "Max failed attempts" restriction via race condition | S | |
CVE-2024-48873 | wifi: rtw89: check return value of ieee80211_probereq_get() for RNR | S | |
CVE-2024-48874 | Ruijie Reyee OS Server-Side Request Forgery | S | |
CVE-2024-48875 | btrfs: don't take dev_replace rwsem on task already holding it | S | |
CVE-2024-48876 | stackdepot: fix stack_depot_save_flags() in NMI context | | |
CVE-2024-48877 | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in ... | | |
CVE-2024-48878 | SQL Injection | | |
CVE-2024-48881 | bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again | S | |
CVE-2024-48883 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825... | | |
CVE-2024-48884 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiMa... | S | |
CVE-2024-48885 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRe... | S | |
CVE-2024-48886 | A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 t... | S | |
CVE-2024-48887 | An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthent... | S | |
CVE-2024-48889 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulner... | S | |
CVE-2024-48890 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | S | |
CVE-2024-48892 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all ve... | S | |
CVE-2024-48893 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7... | S | |
CVE-2024-48895 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2024-48896 | Moodle: users' names returned in messaging error message | | |
CVE-2024-48897 | Moodle: idor in edit/delete rss feed | | |
CVE-2024-48898 | Moodle: some users can delete audiences of other reports | | |
CVE-2024-48899 | Moodle: idor when accessing list of course badges | | |
CVE-2024-48900 | Moodle: idor when accessing list of badge recipients | | |
CVE-2024-48901 | Moodle: idor when fetching report schedules | | |
CVE-2024-48902 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update ... | | |
CVE-2024-48903 | An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local a... | | |
CVE-2024-48904 | A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execut... | | |
CVE-2024-48905 | Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.... | E | |
CVE-2024-48906 | Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name.... | E | |
CVE-2024-48907 | Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.... | E | |
CVE-2024-48908 | lychee-action vulnerable to arbitrary code injection in composite action | | |
CVE-2024-48909 | SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not | S | |
CVE-2024-48910 | DOMPurify vulnerable to tampering by prototype pollution | | |
CVE-2024-48911 | OpenCanary Executes Commands From Potentially Writable Config File | S | |
CVE-2024-48912 | GLPI vulnerable to authenticated insecure account deletion | | |
CVE-2024-48913 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. | | |
CVE-2024-48914 | Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy | | |
CVE-2024-48915 | Agent Dart missing certificate verification checks | | |
CVE-2024-48916 | Ceph is vulnerable to authentication bypass through RadosGW | | |
CVE-2024-48917 | XXE in PHPSpreadsheet's XLSX reader | E | |
CVE-2024-48918 | Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering | | |
CVE-2024-48919 | RCE via Prompt Injection Into Cursor's Terminal Cmd-K | | |
CVE-2024-48920 | PutongOJ: unprivileged users can escalate privileges by constructing requests | | |
CVE-2024-48921 | Kyverno's PolicyException objects can be created in any namespace by default | E | |
CVE-2024-48924 | MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow | | |
CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API | | |
CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration | | |
CVE-2024-48927 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice | | |
CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out | | |
CVE-2024-48930 | secp256k1-node vulnerable to private key extraction over ECDH | | |
CVE-2024-48931 | ZimaOS Arbitrary File Read via Parameter Manipulation | E | |
CVE-2024-48932 | ZimaOS Unauthenticated API Discloses Usernames | E | |
CVE-2024-48933 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to... | M | |
CVE-2024-48936 | SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in st... | | |
CVE-2024-48937 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the sh... | | |
CVE-2024-48938 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing t... | | |
CVE-2024-48939 | Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015... | | |
CVE-2024-48941 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows rem... | | |
CVE-2024-48942 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows rem... | | |
CVE-2024-48944 | Apache Kylin: SSRF vulnerability in the diagnosis api | | |
CVE-2024-48948 | The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify v... | E | |
CVE-2024-48949 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js ... | S | |
CVE-2024-48950 | An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was... | | |
CVE-2024-48951 | An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be ... | | |
CVE-2024-48952 | An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate toke... | | |
CVE-2024-48953 | An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third... | | |
CVE-2024-48954 | An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector se... | | |
CVE-2024-48955 | Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "a... | | |
CVE-2024-48956 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to se... | | |
CVE-2024-48957 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b... | S | |
CVE-2024-48958 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b... | S | |
CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | S | |
CVE-2024-48963 | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP ... | | |
CVE-2024-48964 | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Grad... | S | |
CVE-2024-48966 | Life2000 service tools for test and calibration do not support user authentication | | |
CVE-2024-48967 | Life2000 ventilator and Service PC lack sufficient audit logging capabilities | | |
CVE-2024-48970 | Life2000 Ventilator microcontroller lacks memory protection | | |
CVE-2024-48971 | Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator | | |
CVE-2024-48973 | Debug port on Life2000 Ventilator serial interface is enabled by default | | |
CVE-2024-48974 | Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates | | |
CVE-2024-48981 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamicall... | | |
CVE-2024-48982 | An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the lengt... | S | |
CVE-2024-48983 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamicall... | | |
CVE-2024-48984 | An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynami... | | |
CVE-2024-48985 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamicall... | | |
CVE-2024-48986 | An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the lengt... | S | |
CVE-2024-48987 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an a... | E | |
CVE-2024-48988 | Apache StreamPark: SQL injection vulnerability | | |
CVE-2024-48989 | A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexro... | | |
CVE-2024-48990 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... | S | |
CVE-2024-48991 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... | S | |
CVE-2024-48992 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... | S | |
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | S | |
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | S | |