Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-03 CVE-2024-10730 SQL Injection vulnerability in Tongda2000 Office Anywhere
A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6.
network
low complexity
tongda2000 CWE-89
critical
 9.8
9.8
2024-11-02 CVE-2024-10701 Cross-site Scripting vulnerability in PHPgurukul CAR Rental Portal 1.0
A vulnerability was found in PHPGurukul Car Rental Portal 1.0.
network
low complexity
phpgurukul CWE-79
6.1
6.1
2024-11-02 CVE-2024-10702 SQL Injection vulnerability in Fabinros Simple CAR Rental System 1.0
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0.
network
low complexity
fabinros CWE-89
critical
 9.8
9.8
2024-11-02 CVE-2024-10700 SQL Injection vulnerability in Anisha University Event Management System 1.0
A vulnerability was found in code-projects University Event Management System 1.0.
network
low complexity
anisha CWE-89
critical
 9.8
9.8
2024-11-02 CVE-2024-10699 SQL Injection vulnerability in Anisha Wazifa System 1.0
A vulnerability was found in code-projects Wazifa System 1.0.
network
low complexity
anisha CWE-89
critical
 9.8
9.8
2024-11-02 CVE-2024-10698 Out-of-bounds Write vulnerability in Tenda AC6 Firmware 15.03.05.19
A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2024-11-02 CVE-2024-10697 Command Injection vulnerability in Tenda AC6 Firmware 15.03.05.19
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2024-11-02 CVE-2024-9896 Cross-site Scripting vulnerability in Spider-Themes BBP Core
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
spider-themes CWE-79
6.1
6.1
2024-11-02 CVE-2024-51774 Improper Certificate Validation vulnerability in Qbittorrent
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.
network
high complexity
qbittorrent CWE-295
8.1
8.1
2024-11-02 CVE-2024-10310 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4