8.1
CVE-2024-45404 - OpenCTI's lack of Rate Limit lead to OTP brute forcing
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the acco…
5.3
CVE-2024-12489 - code-projects Online Class and Exam Scheduling System term.php sql injection
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The explo…
7.8
CVE-2024-11872 - Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target syste…
8.8
CVE-2024-11949 - GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists withi…
9.8
CVE-2024-11948 - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The …
8.8
CVE-2024-11947 - GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within…
8.8
CVE-2024-11950 - XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must v…
5.3
CVE-2024-12488 - code-projects Online Class and Exam Scheduling System subject_update.php sql injection
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remot…
5.3
CVE-2024-12487 - code-projects Online Class and Exam Scheduling System room_update.php sql injection
A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launch…
5.3
CVE-2024-12486 - code-projects Online Class and Exam Scheduling System rank_update.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. Th…