5.3

CVSS4.0

CVE-2024-8784 - QDocs Smart School Management System Chat mynewuser sql injection

A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT…

πŸ“… Published: Sept. 13, 2024, 6:31 p.m. πŸ”„ Last Modified: Sept. 19, 2024, 1:38 a.m.

5.3

CVSS4.0

CVE-2024-8783 - OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to l…

πŸ“… Published: Sept. 13, 2024, 6:31 p.m. πŸ”„ Last Modified: Sept. 19, 2024, 1:38 a.m.

5.3

CVSS4.0

CVE-2024-8782 - JFinalCMS edit delete path traversal

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public…

πŸ“… Published: Sept. 13, 2024, 6 p.m. πŸ”„ Last Modified: Sept. 19, 2024, 1:46 a.m.

6.7

CVSS3.1

CVE-2024-45105 -

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.

πŸ“… Published: Sept. 13, 2024, 5:29 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2024-45104 -

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

πŸ“… Published: Sept. 13, 2024, 5:28 p.m. πŸ”„ Last Modified: Dec. 13, 2024, 7:19 p.m.

4.3

CVSS3.1

CVE-2024-45103 -

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.

πŸ“… Published: Sept. 13, 2024, 5:28 p.m. πŸ”„ Last Modified: Dec. 13, 2024, 7:19 p.m.

6.8

CVSS3.1

CVE-2024-45101 -

A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-8281 -

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-8280 -

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-8279 -

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 8567 of 34,919
Β« previous page Β» next page
Filters