Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48652 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
network
low complexity
tuzitio CWE-79
4.8
2024-10-22 CVE-2024-48656 Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0
Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.
network
low complexity
angeljudesuarez CWE-79
4.8
2024-10-22 CVE-2024-48657 SQL Injection vulnerability in Princelycesar Hospital Management System 1.0
SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.
network
low complexity
princelycesar CWE-89
7.2
2024-10-22 CVE-2024-45334 Unspecified vulnerability in Trendmicro Antivirus ONE
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) are vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.
local
low complexity
trendmicro
7.8
2024-10-22 CVE-2024-45335 Unspecified vulnerability in Trendmicro Antivirus ONE
Trend Micro Antivirus One, version 3.10.4 and below, contains a vulnerability that could allow an attacker to use a specifically crafted virus to bypass and evade virus scan detection.
local
low complexity
trendmicro
5.5
2024-10-22 CVE-2024-46902 SQL Injection vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-89
critical
9.1
2024-10-22 CVE-2024-46903 Unspecified vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro
6.5
2024-10-22 CVE-2024-45518 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46.
network
low complexity
zimbra CWE-918
8.8
2024-10-22 CVE-2024-46538 Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
network
low complexity
netgate CWE-79
4.8
2024-10-22 CVE-2024-48570 SQL Injection vulnerability in PHPgurukul Client Management System 1.0
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
network
low complexity
phpgurukul CWE-89
7.5