5.3
CVE-2024-8610 - SourceCodester Best House Rental Management System New Tenant Page index.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last Name/First Name/Middle Name leads to cross …
8.2
CVE-2024-6796 - Vulnerability in Baxter Connex Health Portal
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.
10
CVE-2024-6795 - Vulnerability in Baxter Connex Health Portal
In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in m…
9.3
CVE-2024-42500 -
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
7.5
CVE-2024-45296 - path-to-regexp outputs backtracking regular expressions
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event lo…
8.6
CVE-2024-45411 - Twig has a possible sandbox bypass
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
5.5
CVE-2024-45406 - Craft CMS stored XSS in breadcrumb list and title fields
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
6.9
CVE-2024-8605 - code-projects Inventory Management Registration Form registration.php cross site scripting
A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The …
6.9
CVE-2024-8604 - SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible…
2.4
CVE-2024-8042 - Rapid7 Insight Platform Unauthorized Empty Group Creation
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect c…