5.3
CVE-2024-8558 - SourceCodester Food Ordering Management System Price place-order.php improper validation of specifi…
A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specifi…
5.3
CVE-2024-8557 - SourceCodester Food Ordering Management System cancel-order.php sql injection
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The explo…
6.9
CVE-2024-8555 - SourceCodester Clinics Patient Management System congratulations.php redirect
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely.…
7.5
CVE-2024-40681 - IBM MQ security bypass
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager.
5.5
CVE-2024-40680 - IBM MQ denial of service
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
5.9
CVE-2024-37068 - IBM Maximo Application Suite information disclosure
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.
5.3
CVE-2024-8554 - SourceCodester Clinics Patient Management System users.php cross site scripting
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The explo…
5.3
CVE-2024-6010 - Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder …
6.6
CVE-2024-7620 - Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization …
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to uplo…
8.8
CVE-2024-7112 - Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'schedule' parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S…