Security Vulnerabilities - CVEs Published In August 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.
CVSS Score
5.4
EPSS Score
0.007
Published
2024-08-12
A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-08-12
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-08-12
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-08-12
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-08-12
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields
CVSS Score
5.4
EPSS Score
0.007
Published
2024-08-12
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-08-12
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
CVSS Score
9.1
EPSS Score
0.006
Published
2024-08-12
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-12
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-08-12