5.3
CVE-2024-49395 - Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field because it can be inferred from the recipient information.
4.8
CVE-2024-51187 -
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
8.1
CVE-2024-46966 -
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
8.1
CVE-2024-48322 -
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
8
CVE-2024-51186 -
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
5.3
CVE-2024-11059 - Project Worlds Free Download Online Shopping System success.php sql injection
A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection.…
5.1
CVE-2024-11058 - CodeAstro Real Estate Management System About Us Page aboutedit.php sql injection
A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be initiate…
6.9
CVE-2024-11057 - Codezips Hospital Appointment System removeBranchResult.php sql injection
A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely…
8.7
CVE-2024-11056 - Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The expl…
6.9
CVE-2024-11055 - 1000 Projects Beauty Parlour Management System admin-profile.php sql injection
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated re…