Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
No results found.
Remaining NVD entries (unprocessed / no code available): ~254033 :
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-07-26 | CVE-2024-42007 | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. | N/A | N/A | |
| 2024-07-26 | CVE-2024-38871 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | N/A | N/A | |
| 2024-07-26 | CVE-2024-38872 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | N/A | N/A | |
| 2024-07-26 | CVE-2024-39304 | ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. | N/A | N/A | |
| 2024-07-26 | CVE-2023-50700 | Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. | N/A | N/A | |
| 2024-07-26 | CVE-2024-24257 | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. | N/A | N/A | |
| 2024-07-26 | CVE-2024-26520 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | N/A | N/A |