5.7
CVE-2024-54128 - Directus has an HTML Injection in Comment
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerβ¦
6.9
CVE-2024-12233 - code-projects Online Notice Board Profile Picture registration.php unrestricted upload
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may bβ¦
5.3
CVE-2024-12232 - code-projects Simple CRUD Functionality index.php cross site scripting
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exβ¦
6.9
CVE-2024-12231 - CodeZips Project Management System index.php sql injection
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed β¦
0.0
CVE-2024-51728 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2024. Notes: none.
5.9
CVE-2024-10716 -
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
7.5
CVE-2024-53856 - rPGP Panics on Malformed Untrusted Input
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.
7.5
CVE-2024-53857 - rPGP Potential Resource Exhaustion when handling Untrusted Messages
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
4.6
CVE-2024-12247 - Improper propagation of permission scheme updates across cluster nodes
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.
5.5
CVE-2024-54001 - Kanboard allows a persistent HTML injection site scripting in settings page date format
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflectβ¦