7.7

CVSS3.1

CVE-2024-10975 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad …

📅 Published: Nov. 7, 2024, 9:04 p.m. 🔄 Last Modified: Dec. 29, 2025, 5:17 p.m.

8.7

CVSS4.0

CVE-2024-10007 - Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escala…

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This …

📅 Published: Nov. 7, 2024, 8:58 p.m. 🔄 Last Modified: Aug. 27, 2025, 4:32 p.m.

6.9

CVSS4.0

CVE-2024-10969 - 1000 Projects Bookstore Management System Login login_process.php SQL injection

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm/pwd leads to SQL injection. The attack ma…

📅 Published: Nov. 7, 2024, 8 p.m. 🔄 Last Modified: Sept. 30, 2025, 2:40 p.m.

6.9

CVSS4.0

CVE-2024-10968 - 1000 Projects Bookstore Management System contact_process.php SQL injection

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to SQL injection. The attack can be launched remotely…

📅 Published: Nov. 7, 2024, 7:31 p.m. 🔄 Last Modified: Dec. 10, 2024, 9:10 p.m.

6.9

CVSS4.0

CVE-2024-10967 - code-projects E-Health Care System delete_user_appointment_request.php SQL injection

A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely.…

📅 Published: Nov. 7, 2024, 6 p.m. 🔄 Last Modified: Nov. 26, 2024, 1:30 a.m.

5.3

CVSS4.0

CVE-2024-10966 - TOTOLINK X18 cstecgi.cgi OS command injection

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to OS command injection. The attack may be launched remotely…

📅 Published: Nov. 7, 2024, 6 p.m. 🔄 Last Modified: Dec. 16, 2024, 11:05 p.m.

3.4

CVSS3.1

CVE-2024-51993 - Password is stored in clear in the database in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their back…

📅 Published: Nov. 7, 2024, 5:59 p.m. 🔄 Last Modified: April 4, 2025, 8:05 p.m.

7.1

CVSS3.1

CVE-2024-51994 - Cross-site Scripting in portal picture upload in Combodo iTop

Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some JavaScript in the portal will trigger a Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no kn…

📅 Published: Nov. 7, 2024, 5:57 p.m. 🔄 Last Modified: April 4, 2025, 8:03 p.m.

7.1

CVSS3.1

CVE-2024-51995 - Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which doe…

📅 Published: Nov. 7, 2024, 5:55 p.m. 🔄 Last Modified: March 27, 2025, 6:29 p.m.

7.1

CVSS3.1

CVE-2024-51989 - Cross-site Scripting (XSS) Vulnerability in PasswordPusher

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized paramete…

📅 Published: Nov. 7, 2024, 5:50 p.m. 🔄 Last Modified: Nov. 8, 2024, 7:01 p.m.