6.9
CVE-2024-7637 - code-projects Online Polling Registration registeracc.php sql injection
A vulnerability was found in code-projects Online Polling 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file registeracc.php of the component Registration. The manipulation of the argument email leads to sql injection. The attack may be launched remβ¦
6.9
CVE-2024-7636 - code-projects Simple Ticket Booking Login authenticate.php sql injection
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack β¦
6.9
CVE-2024-7635 - code-projects Simple Ticket Booking Registration register_insert.php sql injection
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been classified as critical. Affected is an unknown function of the file register_insert.php of the component Registration Handler. The manipulation of the argument name/email/dob/password/Gender/phone leads to sql injectiβ¦
2.7
CVE-2024-22123 - Zabbix Arbitrary File Read
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and smβ¦
8.6
CVE-2024-7408 - Information Disclosure Vulnerability in Airveda Air Quality Monitor
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerabiβ¦
9.9
CVE-2024-22116 - Remote code execution within ping script
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
4.3
CVE-2024-22114 - System Information Widget in Global View Dashboard exposes information about Hosts to Users withoutβ¦
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
7.5
CVE-2024-36462 - Allocation of resources without limits or throttling (uncontrolled resource consumption)
Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected sysβ¦
9.1
CVE-2024-36461 - Direct access to memory pointers within the JS engine for modification
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
5.3
CVE-2024-6562 - affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Dislcosure
The affiliate-toolkit β WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web applicaβ¦