6.6
CVE-2024-44141 -
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.
5.5
CVE-2024-40810 -
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash.
5.5
CVE-2024-44185 - webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected processβ¦
The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
6.9
CVE-2024-10336 - SourceCodeHero Clothes Recommendation System Admin Login Page index.php sql injection
A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initβ¦
6.9
CVE-2024-10335 - SourceCodester Garbage Collection Management System login.php sql injection
A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. Theβ¦
6.9
CVE-2024-9692 - Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus
VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.
0.0
CVE-2024-10347 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.1
CVE-2024-45031 - Apache Syncope: Stored XSS in Console and Enduser
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser when β¦
5.4
CVE-2024-49693 - WordPress Mega Elements β Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through <= 1.2.6.
5.4
CVE-2024-49695 - WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through <= 5.2.3.