9.8
CVE-2024-9488 - Comments β wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider
The Comments β wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any exisβ¦
4.3
CVE-2024-9109 - UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset
The WooCommerce UPS Shipping β Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.12. This makes it possible for authenticated attackers, wβ¦
5.3
CVE-2024-9686 - Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Tβ¦
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messβ¦
2
CVE-2024-10372 - chidiwilliams buzz model_loader.py download_model temp file
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an atβ¦
5.3
CVE-2024-10371 - SourceCodester Payroll Management System main login buffer overflow
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used.
6.9
CVE-2024-10370 - Codezips Sales Management System addcustind.php sql injection
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has beeβ¦
6.9
CVE-2024-10369 - Codezips Sales Management System addcustcom.php sql injection
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploiβ¦
6.9
CVE-2024-10368 - Codezips Sales Management System addstock.php sql injection
A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been discβ¦
5.1
CVE-2024-10355 - SourceCodester Petrol Pump Management Software invoice.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remoteβ¦
5.1
CVE-2024-10354 - SourceCodester Petrol Pump Management Software print.php sql injection
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploβ¦