6.5
CVE-2024-33663 - python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
4.7
CVE-2024-30890 -
Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component.
7.8
CVE-2024-32324 -
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in the rc program.
8.8
CVE-2024-33247 -
Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php.
6.8
CVE-2024-30939 -
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.
5
CVE-2024-31574 -
Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script.
7.5
CVE-2024-2829 - Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
9.8
CVE-2024-31615 -
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.
6.3
CVE-2024-31610 -
File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of a crafted file.
8.5
CVE-2024-2434 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.