9.1
CVE-2024-32113 - Apache OFBiz: Path traversal leading to RCE
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
7.1
CVE-2024-3951 - Cross-site Scripting in PTC Codebeamer
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.
9.1
CVE-2024-32980 - Spin contains a potential network sandbox escape for specifically configured Spin applications
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP headerβ¦
6.3
CVE-2024-4653 - BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploβ¦
8.4
CVE-2024-34347 - @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the β¦
4.9
CVE-2024-32886 - Vitess vulnerable to infinite memory consumption and vtgate crash
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
3.5
CVE-2024-4652 - Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attacβ¦
3.5
CVE-2024-4651 - Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scβ¦
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The aβ¦
4.3
CVE-2024-33573 - WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.
4.3
CVE-2024-33574 - WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.