9.8
CVE-2024-28557 -
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.
9.8
CVE-2024-28556 -
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.
7.5
CVE-2024-1135 - HTTP Request Smuggling in benoitc/gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handliβ¦
5
CVE-2023-3597 - Keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
7.5
CVE-2024-24485 -
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.
8.8
CVE-2024-22014 -
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
5.4
CVE-2020-22540 -
Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component.
6.1
CVE-2024-31652 -
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
9.8
CVE-2024-28056 -
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoβ¦
6.8
CVE-2024-24487 -
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.