Security Vulnerabilities - CVEs Published In 2024
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-12-09
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-12-09
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-09
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-12-09
Arbitrary File Upload vulnerability in /Frontend/signup_com.php in Doctor-Appointment version 1.0 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-12-09
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-09
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-12-09
SQL Injection vulnerability in the product_title parameter of entry.php in Flipkart-Clone-PHP version 1.0 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-09
A Stored Cross-Site Scripting (XSS) vulnerability was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-09
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-09



Shodan ® - All rights reserved