6.9

CVSS4.0

CVE-2025-34499 - AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability

AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level…

📅 Published: Dec. 11, 2025, 9:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2024-58313 - xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, …

📅 Published: Dec. 11, 2025, 9:43 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.7

CVSS4.0

CVE-2024-58312 - xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP reque…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.7

CVSS4.0

CVE-2024-58310 - APC Network Management Card 4 Path Traversal via Directory Traversal

APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path trav…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2024-58309 - xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

9.3

CVSS4.0

CVE-2024-58308 - Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

9.3

CVSS4.0

CVE-2024-58307 - CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks a…

📅 Published: Dec. 11, 2025, 9:41 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.7

CVSS4.0

CVE-2024-58306 - minaliC 2.0.0 Denial of Service Vulnerability via Large GET Request

minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.

📅 Published: Dec. 11, 2025, 9:41 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-58304 - SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary c…

📅 Published: Dec. 11, 2025, 9:40 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2024-58303 - FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

📅 Published: Dec. 11, 2025, 9:40 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 346515