6.9
CVE-2024-9281 - bg5sbk MiniCMS post-edit.php cross-site request forgery
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and maβ¦
8.7
CVE-2024-8607 - SQLi in Oceanic Software's ValeApp
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.
7.2
CVE-2024-8608 - Stored XSS in Oceanic Software's ValeApp
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.
5.1
CVE-2024-9280 - kalvinGit kvf-admin FileUploadKit.java fileUpload unrestricted upload
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be iβ¦
8.8
CVE-2024-8609 - Improper Access Control in Oceanic Software's ValeApp
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0.
9.3
CVE-2024-8643 - Session Hijacking in Oceanic Software's ValeApp
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.
9.3
CVE-2024-8644 - Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0.
5.1
CVE-2024-9279 - funnyzpc Mee-Admin User Center index cross site scripting
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack remoβ¦
5.1
CVE-2024-9278 - HuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted uplβ¦
A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads tβ¦
5.1
CVE-2024-9277 - Langflow HTTP POST Request utils.py redos
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to ineβ¦