Common Vulnerabilities and Exposures (CVE)

CVE-2024-34891

Jul 5, 2026 00:50:05 UTC

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

CVE-2024-34887

Jul 5, 2026 00:49:58 UTC

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.

CVE-2024-34885

Jul 5, 2026 00:49:53 UTC

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.

CVE-2024-34883

Jul 5, 2026 00:49:49 UTC

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.

CVE-2024-34882

Jul 5, 2026 00:49:45 UTC

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.

CVE-2023-46344

Jul 5, 2026 00:49:41 UTC

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group f...

CVE-2024-48352

Jul 5, 2026 00:49:37 UTC

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID.

CVE-2024-51066

Jul 5, 2026 00:49:33 UTC

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

CVE-2024-51065

Jul 5, 2026 00:49:29 UTC

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

CVE-2024-51064

Jul 5, 2026 00:49:25 UTC

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.

CVE-2024-51063

Jul 5, 2026 00:49:21 UTC

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.

CVE-2024-51060

Jul 5, 2026 00:49:17 UTC

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.

CVE-2024-48544

Jul 5, 2026 00:49:13 UTC

Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file.

CVE-2024-48539

Jul 5, 2026 00:49:09 UTC

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

CVE-2024-48538

Jul 5, 2026 00:49:05 UTC

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.