www.tenable.com
2606:4700:4400::ac40:92c0  Public Scan

Submitted URL: http://www.tenablecloud.cn/cve
Effective URL: https://www.tenable.com/cve
Submission: On May 20 via manual from GB — Scanned from GB

Form analysis: 0 forms found in the DOM

Text Content

CVES

Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and
their affected products. Tenable augments the data to include related Tenable
Plugins that detect each vulnerability. 251572 CVEs are indexed from NVD.

NEWEST ›

 * CVE-2024-5136
   
   LOW
   
   A vulnerability classified as problematic has been found in PHPGurukul
   Directory Management System 1.0. Affected is an unknown function of the file
   /admin/search-directory.php. The manipulation leads to cross site scripting.
   It is possible to launch the attack remotely. The exploit has been disclosed
   to the public and may be used. The identifier of this vulnerability is
   VDB-265212.

 * CVE-2024-5135
   
   HIGH
   
   A vulnerability was found in PHPGurukul Directory Management System 1.0. It
   has been rated as critical. This issue affects some unknown processing of the
   file /admin/index.php. The manipulation of the argument username leads to SQL
   injection. The attack may be initiated remotely. The exploit has been
   disclosed to the public and may be used. The associated identifier of this
   vulnerability is VDB-265211.

 * CVE-2024-3761
   
   CRITICAL
   
   In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at
   `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset
   deletion due to missing authorization and authentication mechanisms. This
   vulnerability allows any user, even those without a valid token, to delete a
   dataset by sending a DELETE request to the endpoint. The issue was fixed in
   version 1.2.8. The impact of this vulnerability is significant as it permits
   unauthorized users to delete datasets, potentially leading to data loss or
   disruption of service.

 * CVE-2024-5134
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Electricity Consumption
   Monitoring Tool 1.0. It has been declared as critical. This vulnerability
   affects unknown code of the file /endpoint/delete-bill.php. The manipulation
   of the argument bill leads to SQL injection. The attack can be initiated
   remotely. The exploit has been disclosed to the public and may be used.
   VDB-265210 is the identifier assigned to this vulnerability.

 * CVE-2024-5123
   
   MEDIUM
   
   A vulnerability classified as problematic has been found in SourceCodester
   Event Registration System 1.0. This affects an unknown part of the file
   /registrar/. The manipulation of the argument searchbar leads to cross site
   scripting. It is possible to initiate the attack remotely. The exploit has
   been disclosed to the public and may be used. The associated identifier of
   this vulnerability is VDB-265203.

 * CVE-2024-1968
   
   HIGH
   
   In scrapy/scrapy, an issue was identified where the Authorization header is
   not removed during redirects that only change the scheme (e.g., HTTPS to
   HTTP) but remain within the same domain. This behavior contravenes the Fetch
   standard, which mandates the removal of Authorization headers in cross-origin
   requests when the scheme, host, or port changes. Consequently, when a
   redirect downgrades from HTTPS to HTTP, the Authorization header may be
   inadvertently exposed in plaintext, leading to potential sensitive
   information disclosure to unauthorized actors. The flaw is located in the
   _build_redirect_request function of the redirect middleware.

 * CVE-2024-5122
   
   HIGH
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been rated as critical. Affected by this issue is some unknown
   functionality of the file /registrar/. The manipulation of the argument
   search leads to SQL injection. The attack may be launched remotely. The
   exploit has been disclosed to the public and may be used. VDB-265202 is the
   identifier assigned to this vulnerability.

 * CVE-2024-5121
   
   LOW
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been declared as problematic. Affected by this vulnerability is an
   unknown functionality of the file /registrar/?page=registration. The
   manipulation of the argument e leads to cross site scripting. The attack can
   be launched remotely. The exploit has been disclosed to the public and may be
   used. The identifier VDB-265201 was assigned to this vulnerability.

 * CVE-2024-5120
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been classified as critical. Affected is an unknown function of the file
   /registrar/?page=registration. The manipulation of the argument e leads to
   SQL injection. It is possible to launch the attack remotely. The exploit has
   been disclosed to the public and may be used. The identifier of this
   vulnerability is VDB-265200.

 * CVE-2024-5119
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Event Registration System 1.0 and
   classified as critical. This issue affects some unknown processing of the
   file /classes/Master.php?f=load_registration. The manipulation of the
   argument last_id/event_id leads to SQL injection. The attack may be initiated
   remotely. The exploit has been disclosed to the public and may be used. The
   associated identifier of this vulnerability is VDB-265199.

UPDATED ›

 * CVE-2024-5136
   
   LOW
   
   A vulnerability classified as problematic has been found in PHPGurukul
   Directory Management System 1.0. Affected is an unknown function of the file
   /admin/search-directory.php. The manipulation leads to cross site scripting.
   It is possible to launch the attack remotely. The exploit has been disclosed
   to the public and may be used. The identifier of this vulnerability is
   VDB-265212.

 * CVE-2024-5135
   
   HIGH
   
   A vulnerability was found in PHPGurukul Directory Management System 1.0. It
   has been rated as critical. This issue affects some unknown processing of the
   file /admin/index.php. The manipulation of the argument username leads to SQL
   injection. The attack may be initiated remotely. The exploit has been
   disclosed to the public and may be used. The associated identifier of this
   vulnerability is VDB-265211.

 * CVE-2024-5134
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Electricity Consumption
   Monitoring Tool 1.0. It has been declared as critical. This vulnerability
   affects unknown code of the file /endpoint/delete-bill.php. The manipulation
   of the argument bill leads to SQL injection. The attack can be initiated
   remotely. The exploit has been disclosed to the public and may be used.
   VDB-265210 is the identifier assigned to this vulnerability.

 * CVE-2024-5123
   
   MEDIUM
   
   A vulnerability classified as problematic has been found in SourceCodester
   Event Registration System 1.0. This affects an unknown part of the file
   /registrar/. The manipulation of the argument searchbar leads to cross site
   scripting. It is possible to initiate the attack remotely. The exploit has
   been disclosed to the public and may be used. The associated identifier of
   this vulnerability is VDB-265203.

 * CVE-2024-5122
   
   HIGH
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been rated as critical. Affected by this issue is some unknown
   functionality of the file /registrar/. The manipulation of the argument
   search leads to SQL injection. The attack may be launched remotely. The
   exploit has been disclosed to the public and may be used. VDB-265202 is the
   identifier assigned to this vulnerability.

 * CVE-2024-5121
   
   LOW
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been declared as problematic. Affected by this vulnerability is an
   unknown functionality of the file /registrar/?page=registration. The
   manipulation of the argument e leads to cross site scripting. The attack can
   be launched remotely. The exploit has been disclosed to the public and may be
   used. The identifier VDB-265201 was assigned to this vulnerability.

 * CVE-2024-5120
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Event Registration System 1.0. It
   has been classified as critical. Affected is an unknown function of the file
   /registrar/?page=registration. The manipulation of the argument e leads to
   SQL injection. It is possible to launch the attack remotely. The exploit has
   been disclosed to the public and may be used. The identifier of this
   vulnerability is VDB-265200.

 * CVE-2024-5119
   
   MEDIUM
   
   A vulnerability was found in SourceCodester Event Registration System 1.0 and
   classified as critical. This issue affects some unknown processing of the
   file /classes/Master.php?f=load_registration. The manipulation of the
   argument last_id/event_id leads to SQL injection. The attack may be initiated
   remotely. The exploit has been disclosed to the public and may be used. The
   associated identifier of this vulnerability is VDB-265199.

 * CVE-2024-5118
   
   HIGH
   
   A vulnerability has been found in SourceCodester Event Registration System
   1.0 and classified as critical. This vulnerability affects unknown code of
   the file /admin/login.php. The manipulation of the argument username/password
   leads to SQL injection. The attack can be initiated remotely. The exploit has
   been disclosed to the public and may be used. VDB-265198 is the identifier
   assigned to this vulnerability.

 * CVE-2024-5117
   
   HIGH
   
   A vulnerability, which was classified as critical, was found in
   SourceCodester Event Registration System 1.0. This affects an unknown part of
   the file portal.php. The manipulation of the argument username/password leads
   to SQL injection. It is possible to initiate the attack remotely. The exploit
   has been disclosed to the public and may be used. The identifier VDB-265197
   was assigned to this vulnerability.

 * © 2024 Tenable®, Inc. All Rights Reserved