5.3
CVE-2024-10411 - SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection
A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads tβ¦
5.3
CVE-2024-10410 - SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can beβ¦
5.3
CVE-2024-10409 - code-projects Blood Bank Management accept.php sql injection
A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosβ¦
5.3
CVE-2024-10408 - code-projects Blood Bank Management abs.php sql injection
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been discloβ¦
7.2
CVE-2024-50611 -
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rathβ¦
5.9
CVE-2024-50602 - libexpat: expat: DoS via XML_ResumeParser
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
9.8
CVE-2024-50623 -
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
5.3
CVE-2024-50612 - libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote()
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
6.5
CVE-2024-50613 - libsndfile: Reachable assertion in mpeg_l3_encoder_close
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
5.9
CVE-2024-50624 -
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is reβ¦