8.5
CVE-2024-7401 - Client Enrollment Process Bypass
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token βOrgkeyβ as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customeβ¦
6.9
CVE-2024-8174 - code-projects Blood Bank System Login Page login.php cross site scripting
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login.php of the component Login Page. The manipulation of the argument user leads to cross site scripting. The attack can be β¦
5.3
CVE-2024-43283 - WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosuβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.
7.5
CVE-2024-43289 - WordPress wpForo Forum plugin <= 2.3.4 - Unauthenticated Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
4.3
CVE-2024-43319 - WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31.
6.9
CVE-2024-8173 - code-projects Blood Bank System Login Page login.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exβ¦
5.3
CVE-2024-8172 - SourceCodester QR Code Attendance System delete-student.php cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack maβ¦
5.3
CVE-2024-8171 - itsourcecode Tailoring Management System staffcatedit.php sql injection
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file staffcatedit.php. The manipulation of the argument title leads to sql injection. The attack can be initiated remotely. The exploit has been disclosedβ¦
5.3
CVE-2024-8170 - SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The explβ¦
5.9
CVE-2024-43967 - WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1.