5.5
CVE-2024-53846 - ssl fails to validate incorrect extened key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27β¦
6.9
CVE-2024-12234 - 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotβ¦
5.7
CVE-2024-54128 - Directus has an HTML Injection in Comment
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerβ¦
6.9
CVE-2024-12233 - code-projects Online Notice Board Profile Picture registration.php unrestricted upload
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may bβ¦
5.3
CVE-2024-12232 - code-projects Simple CRUD Functionality index.php cross site scripting
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exβ¦
6.9
CVE-2024-12231 - CodeZips Project Management System index.php sql injection
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed β¦
0.0
CVE-2024-51728 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2024. Notes: none.
5.9
CVE-2024-10716 -
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
7.5
CVE-2024-53856 - rPGP Panics on Malformed Untrusted Input
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.
7.5
CVE-2024-53857 - rPGP Potential Resource Exhaustion when handling Untrusted Messages
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.