Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-09 | CVE-2024-54919 | Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0 A Stored Cross Site Scripting (XSS) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. | 5.4 |
2024-12-09 | CVE-2024-54920 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | 9.8 |
2024-12-09 | CVE-2024-52480 | Unspecified vulnerability in Astoundify Jobify Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 9.8 |
2024-12-09 | CVE-2024-53948 | Unspecified vulnerability in Apache Superset Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | 5.3 |
2024-12-09 | CVE-2024-53949 | Incorrect Authorization vulnerability in Apache Superset Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). | 6.5 |
2024-12-09 | CVE-2024-54929 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | 7.2 |
2024-12-09 | CVE-2024-54936 | Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. | 5.4 |
2024-12-09 | CVE-2024-54937 | Unspecified vulnerability in Lopalopa E-Learning Management System 1.0 A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | 5.3 |
2024-12-09 | CVE-2024-8259 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. | 9.8 |
2024-12-09 | CVE-2023-23715 | Missing Authorization vulnerability in Ultimatemember Jobboardwp Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2. | 8.8 |