Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-48213 Path Traversal vulnerability in Rockoa Xinhu 2.6.5
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
network
low complexity
rockoa CWE-22
4.3
2024-10-23 CVE-2024-10300 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10301 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10298 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10299 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-48963 OS Command Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project.
network
low complexity
snyk CWE-78
critical
9.8
2024-10-23 CVE-2024-48964 Code Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project.
network
low complexity
snyk CWE-94
8.8
2024-10-23 CVE-2024-20364 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2024-10-23 CVE-2024-20372 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2024-10-23 CVE-2024-20377 Cross-site Scripting vulnerability in Cisco Firepower Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input.
network
low complexity
cisco CWE-79
5.4