8.7
CVE-2024-58309 - xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database namesβ¦
9.3
CVE-2024-58308 - Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.
9.3
CVE-2024-58307 - CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks aβ¦
8.7
CVE-2024-58306 - minaliC 2.0.0 Denial of Service Vulnerability via Large GET Request
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.
5.3
CVE-2024-58304 - SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting
SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary cβ¦
8.6
CVE-2024-58303 - FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
6.9
CVE-2024-58302 - FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email geβ¦
9.3
CVE-2024-58301 - Purei CMS 1.0 SQL Injection via Multiple Vulnerable Endpoints
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially eβ¦
8.7
CVE-2024-58300 - Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling diβ¦
8.8
CVE-2025-66419 - MaxKB vulnerable to privilege escalation through sandbox bypass
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.