Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-40493 | NULL Pointer Dereference vulnerability in Keith-Cullen Freecoap 1.0: Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | 9.8 |
2024-10-22 | CVE-2024-44812 | SQL Injection vulnerability in Janobe Online Complaint Site 1.0: SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | 9.8 |
2024-10-22 | CVE-2024-48415 | Cross-site Scripting vulnerability in Razormist Loan Management System 1.0: itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. | 5.0 |
2024-10-22 | CVE-2024-48652 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5: Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field. | 4.8 |
2024-10-22 | CVE-2024-48656 | Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0: Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 4.8 |
2024-10-22 | CVE-2024-48657 | SQL Injection vulnerability in Princelycesar Hospital Management System 1.0: SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 7.2 |
2024-10-22 | CVE-2024-45334 | Unspecified vulnerability in Trendmicro Antivirus ONE: Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | 7.8 |
2024-10-22 | CVE-2024-45335 | Unspecified vulnerability in Trendmicro Antivirus ONE: Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. | 5.5 |
2024-10-22 | CVE-2024-46902 | SQL Injection vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7: A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | 9.1 |
2024-10-22 | CVE-2024-46903 | Unspecified vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7: A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 6.5 |