CVE Radar.

You can follow the current trends of security vulnerabilities.

CVE-2024-22245

(vmware)

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). Continue Reading

CRITICAL

CVE-2024-1709

(cisa-cg)

CVSS: 10

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. Continue Reading

CRITICAL

CVE-2024-21410

(microsoft)

CVSS: 9.8

Microsoft Exchange Server Elevation of Privilege Vulnerability Continue Reading

CRITICAL

CVE-2024-1708

(cisa-cg)

CVSS: 8.4

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. Continue Reading

HIGH

CVE-2024-27198

(JetBrains)

CVSS: 9.8

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible Continue Reading

CRITICAL

CVE-2024-21413

(microsoft)

CVSS: 9.8

Microsoft Outlook Remote Code Execution Vulnerability Continue Reading

CRITICAL

CVE-2024-21338

(microsoft)

CVSS: 7.8

Windows Kernel Elevation of Privilege Vulnerability Continue Reading

HIGH

CVE-2024-27199

(JetBrains)

CVSS: 7.3

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible Continue Reading

HIGH

CVE-2020-3259

(cisco)

CVSS: 7.5

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Continue Reading

HIGH

CVE-2024-20337

(cisco)

CVSS: 8.2

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access. Continue Reading

HIGH

CVE-2024-4672

(VulDB)

CVSS: 3.5

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263593 was assigned to this vulnerability. Continue Reading

LOW

CVE-2024-4654

(VulDB)

CVSS: 6.3

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499. Continue Reading

MEDIUM

CVE-2024-4653

(VulDB)

CVSS: 6.3

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability. Continue Reading

MEDIUM

CVE-2024-4652

(VulDB)

CVSS: 3.5

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496. Continue Reading

LOW

CVE-2024-4651

(VulDB)

CVSS: 3.5

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495. Continue Reading

LOW

CVE-2024-4650

(VulDB)

CVSS: 3.5

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability. Continue Reading

LOW

CVE-2024-4649

(VulDB)

CVSS: 3.5

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability. Continue Reading

LOW

CVE-2024-4648

(VulDB)

CVSS: 3.5

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492. Continue Reading

LOW

CVE-2024-4647

(VulDB)

CVSS: 3.5

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491. Continue Reading

LOW

CVE-2024-4646

(VulDB)

CVSS: 3.5

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability. Continue Reading

LOW

CVE-2024-4645

(VulDB)

CVSS: 3.5

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability. Continue Reading

LOW

CVE-2024-4644

(VulDB)

CVSS: 3.5

A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488. Continue Reading

LOW

CVE-2024-4601

(INCIBE)

CVSS: 6.7

An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. Continue Reading

MEDIUM

CVE-2024-4600

(INCIBE)

CVSS: 7.1

Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file. Continue Reading

HIGH

Description

Affected

References

Attack Vector:

Attack Complexity (AC):

Privileges Required (PR):

User Interaction (UI):

Scope (S):

Availability Impact (A):

Confidentiality Impact (C):

Integrity Impact (I):

Vector String:

Get Free 100 Credits Monthly

Try first, decide later! Get started with a free plan. You can cancel at any time.

Start Free Trial

Ponarize offers an online tool that allows you to check whether a URL & IP address categorization and reputation scoring solution is classified in our Databases. Our goal is to offer you this service at the most affordable prices. We are happy to help you and enjoy working tog.

Spam Check IP Lookup Domain Lookup About Pricing Blog

Contact FAQ GDPR Privacy Policy Terms & Conditions

[email protected]