Security Vulnerabilities - CVEs Published In 2024
iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-12-16
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-12-16
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-12-16
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-12-16
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-12-16
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-12-16
A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-12-16
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-12-16
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Score
3.7
EPSS Score
0.002
Published
2024-12-16
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.
This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-16