6.9
CVE-2024-7813 - SourceCodester Prison Management System Profile Image insufficiently protected credentials
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. Tβ¦
5.3
CVE-2024-7812 - SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads toβ¦
5.5
CVE-2024-25024 - IBM QRadar Suite Software information disclosure
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.
5.3
CVE-2024-7811 - SourceCodester Daily Expenses Monitoring App delete-expense.php sql injection
A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The explβ¦
8.1
CVE-2024-7628 - MStore API β Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Accβ¦
The MStore API β Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This makes it possible for unauthenticated attackers to β¦
8.1
CVE-2024-7624 - Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_acβ¦
5.8
CVE-2024-7420 - Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Dβ¦
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivateβ¦
5.3
CVE-2024-7810 - SourceCodester Online Graduate Tracer System view_itprofile.php sql injection
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched rβ¦
6.9
CVE-2024-7809 - SourceCodester Online Graduate Tracer System nbproject exposure of information through directory liβ¦
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack caβ¦
6.9
CVE-2024-7808 - code-projects Job Portal logindbc.php sql injection
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to theβ¦