Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-48652 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5 Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | 4.8 |
2024-10-22 | CVE-2024-48656 | Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0 Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 4.8 |
2024-10-22 | CVE-2024-48657 | SQL Injection vulnerability in Princelycesar Hospital Management System 1.0 SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 7.2 |
2024-10-22 | CVE-2024-45334 | Unspecified vulnerability in Trendmicro Antivirus ONE Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | 7.8 |
2024-10-22 | CVE-2024-45335 | Unspecified vulnerability in Trendmicro Antivirus ONE Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. | 5.5 |
2024-10-22 | CVE-2024-46902 | SQL Injection vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7 A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | 9.1 |
2024-10-22 | CVE-2024-46903 | Unspecified vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7 A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 6.5 |
2024-10-22 | CVE-2024-45518 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. | 8.8 |
2024-10-22 | CVE-2024-46538 | Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2 A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | 4.8 |
2024-10-22 | CVE-2024-48570 | SQL Injection vulnerability in PHPgurukul Client Management System 1.0 Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | 7.5 |