6.9
CVE-2024-11590 - 1000 Projects Bookstore Management System forget_password_process.php sql injection
A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads to sql injection. The attack may be launched …
5.3
CVE-2024-11589 - itsourcecode Tailoring Management System expcatedit.php sql injection
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /expcatedit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has …
5.1
CVE-2024-11588 - AVL-DiTEST-DiagDev libdoip DoIPConnection.cpp reactOnReceivedTcpMessage null pointer dereference
A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference.
5.3
CVE-2024-11587 - idcCMS classProvCity.php GetCityOptionJs cross site scripting
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been …
4.8
CVE-2024-7016 - Stored XSS in Smarttek Informatics' Smart Doctor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS requiring admin privileges. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclos…
4.3
CVE-2024-9542 - Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via…
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level …
4.3
CVE-2024-10316 - Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure …
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensit…
5.3
CVE-2024-6538 - Openshift-console: openshift console: server-side request forgery
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to cl…
6.9
CVE-2024-11320 - Command Injection leading to RCE via LDAP Misconfiguration
Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
6.1
CVE-2024-10792 - Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scr…
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for una…