Common Vulnerabilities and Exposures (CVE)

CVE-2024-48787

Jul 5, 2026 00:47:57 UTC

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.

CVE-2024-48786

Jul 5, 2026 00:47:53 UTC

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.

CVE-2024-48773

Jul 5, 2026 00:47:24 UTC

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process

CVE-2024-48772

Jul 5, 2026 00:47:20 UTC

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.

CVE-2024-48771

Jul 5, 2026 00:47:16 UTC

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process

CVE-2024-48768

Jul 5, 2026 00:47:04 UTC

An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process

CVE-2024-46606

Jul 5, 2026 00:46:58 UTC

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.

CVE-2024-46605

Jul 5, 2026 00:46:54 UTC

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.

CVE-2024-46532

Jul 5, 2026 00:46:50 UTC

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.

CVE-2024-46446

Jul 5, 2026 00:46:46 UTC

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Websit...

CVE-2024-46307

Jul 5, 2026 00:46:42 UTC

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

CVE-2024-46088

Jul 5, 2026 00:46:38 UTC

An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2024-45933

Jul 5, 2026 00:46:34 UTC

OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.

CVE-2024-45932

Jul 5, 2026 00:46:30 UTC

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

CVE-2024-45874

Jul 5, 2026 00:46:26 UTC

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.