9.3
CVE-2024-56198 - path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.
8.7
CVE-2024-56802 - Tapir allows DeployKey exposure
Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. Users must upgrade to 0.9.2.
0.0
CVE-2024-56809 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. Notes: none
5.3
CVE-2024-13072 - 1000 Projects Beauty Parlour Management System Customer Detail add-customer-services.php sql inject…
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-services.php of the component Customer Detail Handler. The manipulation of the argument sids[] leads t…
5.3
CVE-2024-13070 - CodeAstro Online Food Ordering System Update User Page update_users.php sql injection
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd leads to sql injectio…
8.8
CVE-2024-25133 - Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escal…
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.
7.5
CVE-2023-6603 - Ffmpeg: null pointer dereference in ffmpeg hls parsing
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
5.3
CVE-2023-6602 - Ffmpeg: improper handling of input format in tty demuxer of ffmpeg
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.
0.0
CVE-2024-49686 - WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat. This issue affects Landing Page Cat: from n/a through <= 1.7.4.
0.0
CVE-2024-49687 - WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce. This issue affects Smart Manager: from n/a through <= 8.45.0.