NA - CVE-2024-57522 - SourceCodester Packers and Movers Management...
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during...
NA - CVE-2024-12510 - If LDAP settings are accessed, authentication...
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
NA - CVE-2024-57004 - Cross-Site Scripting (XSS) vulnerability in...
Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by...
NA - CVE-2024-57237 - Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05...
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly...
NA - CVE-2024-57238 - Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05...
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting...
Medium - CVE-2024-11132 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on...
Medium - CVE-2024-11133 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and...
Medium - CVE-2024-11134 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and...
NA - CVE-2024-12511 - With address book access, SMB/FTP settings...
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.