Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-10229 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 8.1 |
| 2024-10-22 | CVE-2024-10230 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-10-22 | CVE-2024-10231 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-10-22 | CVE-2024-40493 | NULL Pointer Dereference vulnerability in Keith-Cullen Freecoap 1.0 Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | 9.8 |
| 2024-10-22 | CVE-2024-44812 | SQL Injection vulnerability in Janobe Online Complaint Site 1.0 SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | 9.8 |
| 2024-10-22 | CVE-2024-48415 | Cross-site Scripting vulnerability in Razormist Loan Management System 1.0 itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. | 5.0 |
| 2024-10-22 | CVE-2024-48652 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5 Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | 4.8 |
| 2024-10-22 | CVE-2024-48656 | Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0 Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 4.8 |
| 2024-10-22 | CVE-2024-48657 | SQL Injection vulnerability in Princelycesar Hospital Management System 1.0 SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | 7.2 |
| 2024-10-22 | CVE-2024-45334 | Unspecified vulnerability in Trendmicro Antivirus ONE Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | 7.8 |