5.9
CVE-2024-11644 - WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
4.8
CVE-2024-11605 - WP Publications <= 1.2 - Admin+ Stored XSS
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite seβ¦
5.3
CVE-2024-12981 - CodeAstro Car Rental System bookingconfirm.php sql injection
A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remβ¦
6.9
CVE-2024-12980 - code-projects Job Recruitment _all_edits.php fln_update cross site scripting
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. Thβ¦
6.9
CVE-2024-12979 - code-projects Job Recruitment _all_edits.php cn_update cross site scripting
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has beeβ¦
6.9
CVE-2024-12978 - code-projects Job Recruitment _all_edits.php add_req sql injection
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit haβ¦
6.5
CVE-2024-9774 - Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression.
5.3
CVE-2024-12977 - PHPGurukul Complaint Management System state.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been β¦
6.9
CVE-2024-12976 - CodeZips Hospital Management System staff.php sql injection
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit haβ¦
7.3
CVE-2024-56520 -
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.