5.7
CVE-2024-47827 - Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabilityโฆ
5.3
CVE-2024-10450 - SourceCodester Kortex Lite Advocate Office Management System POST Parameter edit_profile.php sql inโฆ
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leadsโฆ
7.5
CVE-2024-45802 - Squid Denial of Service
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted servโฆ
6.9
CVE-2024-10449 - Codezips Hospital Appointment System loginAction.php sql injection
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has beenโฆ
3.5
CVE-2024-10214 - Incorrect Session Creation with Desktop SSO
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
6.6
CVE-2024-49761 - REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXMโฆ
6.9
CVE-2024-10448 - code-projects Blood Bank Management System delete.php cross-site request forgery
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launโฆ
7.5
CVE-2024-10455 - Reachable Assertion in ยตD3TN
Reachable Assertion in BPv7 parser in ยตD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block
6.5
CVE-2024-50443 - WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post.This issue affects PostX: from n/a through <= 4.1.12.
5.3
CVE-2024-10447 - Project Worlds Online Time Table Generator staffdashboard.php sql injection
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack caโฆ