Security Vulnerabilities - CVEs Published In August 2024
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-08-12
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-08-12
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields
CVSS Score
5.4
EPSS Score
0.004
Published
2024-08-12
A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-08-12
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-08-12
Improper check or handling of exceptional conditions vulnerability
affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated
remote attacker to cause a denial of service. A specially-crafted
HTTP request to pre-authentication resources can crash the service.
CVSS Score
9.4
EPSS Score
0.008
Published
2024-08-12
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-12
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CVSS Score
7.5
EPSS Score
0.029
Published
2024-08-12
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.032
Published
2024-08-12
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-08-12