CVE-2024-28595

Public exploit
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-19
Updated
2024-03-19

CVE-2024-27747

Public exploit
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27746

Public exploit
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27744

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27743

Public exploit
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
Max CVSS
N/A
EPSS Score
0.10%
Published
2024-03-01
Updated
2024-03-13

CVE-2024-27612

Public exploit
Numbas editor before 7.3 mishandles editing of themes and extensions.
Max CVSS
N/A
EPSS Score
0.14%
Published
2024-03-08
Updated
2024-03-08

CVE-2024-27198

Known exploited
Public exploit
In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing an attacker to perform admin actions was possible.
Max CVSS
9.8
EPSS Score
97.21%
Published
2024-03-04
Updated
2024-03-11
CISA KEV Added
2024-03-07

CVE-2024-25832

Public exploit
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-25830

Public exploit
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29

CVE-2024-25004

Public exploit
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-14

CVE-2024-24401

Public exploit
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26

CVE-2024-24050

Public exploit
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-20
Updated
2024-03-21

CVE-2024-23749

Public exploit
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, which occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Max CVSS
N/A
EPSS Score
0.08%
Published
2024-02-09
Updated
2024-02-09

CVE-2024-22836

Public exploit
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
Max CVSS
9.8
EPSS Score
0.45%
Published
2024-02-08
Updated
2024-02-15

CVE-2024-22318

Public exploit
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-02-09
Updated
2024-02-16

CVE-2024-21893

Known exploited
Public exploit
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Max CVSS
8.2
EPSS Score
96.25%
Published
2024-01-31
Updated
2024-02-01
CISA KEV Added
2024-01-31

CVE-2024-21887

Known exploited
Public exploit
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Max CVSS
9.1
EPSS Score
97.32%
Published
2024-01-12
Updated
2024-01-22
CISA KEV Added
2024-01-10

CVE-2024-21626

Public exploit
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
Max CVSS
8.6
EPSS Score
5.06%
Published
2024-01-31
Updated
2024-02-19

CVE-2024-2054

Public exploit
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
Max CVSS
N/A
EPSS Score
0.51%
Published
2024-03-05
Updated
2024-03-21

CVE-2024-1709

Known exploited
Public exploit
Used for ransomware
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Max CVSS
10.0
EPSS Score
93.46%
Published
2024-02-21
Updated
2024-02-23
CISA KEV Added
2024-02-22

CVE-2024-1708

Public exploit
ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Max CVSS
8.4
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-02-22

CVE-2024-1346

Public exploit
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-02-19
Updated
2024-02-20

CVE-2024-0204

Public exploit
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Max CVSS
9.8
EPSS Score
53.86%
Published
2024-01-22
Updated
2024-02-02

CVE-2023-52251

Public exploit
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
Max CVSS
8.8
EPSS Score
2.88%
Published
2024-01-25
Updated
2024-02-29

CVE-2023-51467

Public exploit
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
Max CVSS
9.8
EPSS Score
68.50%
Published
2023-12-26
Updated
2024-01-04
2578 vulnerabilities found