7.5
CVE-2024-24746 - Apache NimBLE: Denial of service in NimBLE Bluetooth stack
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.ย Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrโฆ
9
CVE-2024-25029 - IBM Personal Communications code execution
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the coโฆ
7.5
CVE-2024-22328 - IBM Maximo Application Suite information disclosure
IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.
7.3
CVE-2024-3376 - SourceCodester Computer Laboratory Management System config.php redirect
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploitโฆ
6.3
CVE-2024-3369 - code-projects Car Rental add-vehicle.php unrestricted upload
A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The eโฆ
3.5
CVE-2024-3366 - Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to tโฆ
3.5
CVE-2024-3365 - SourceCodester Online Library System controller.php cross site scripting
A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site scripting. The attack may be initiated remotely.โฆ
3.5
CVE-2024-3364 - SourceCodester Online Library System index.php cross site scripting
A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploitโฆ
5.5
CVE-2024-2296 - Photo Gallery by 10Web โ Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Crโฆ
The Photo Gallery by 10Web โ Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackeโฆ
6.4
CVE-2024-2132 - Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Siteโฆ
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentโฆ