6.3
CVE-2024-9907 - QileCMS Verification Code Forget.php sendEmail password recovery
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated rem…
5.3
CVE-2024-9906 - SourceCodester Online Eyewear Shop cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack…
5.3
CVE-2024-9905 - SourceCodester Online Eyewear Shop sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated rem…
5.1
CVE-2024-9904 - 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. Th…
5.1
CVE-2024-9903 - 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exp…
5.3
CVE-2024-9894 - code-projects Blood Bank System reset.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…
5.3
CVE-2024-9979 - Pyo3: risk of use-after-free in `borrowed` reads from python weak references
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
7.2
CVE-2024-8757 - Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Inje…
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and i…
4.3
CVE-2024-8902 - Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure vi…
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level acce…
6.4
CVE-2024-9595 - TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit…