5.1
CVE-2024-51502 - Panic Vulnerability in loona-hpack
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue hasβ¦
5.3
CVE-2024-10805 - code-projects University Event Management System doedit.php sql injection
A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has beeβ¦
8.7
CVE-2024-51734 - User data deletion by anoynmous users in Zope
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upβ¦
3.1
CVE-2024-51744 - Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situationsβ¦
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWiβ¦
6.9
CVE-2024-10791 - Codezips Hospital Appointment System doctorAction.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit haβ¦
5.5
CVE-2024-45086 - IBM WebSphere Application Server XML external entity injection
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
5.3
CVE-2024-10768 - PHPGurukul Online Shopping Portal two_tables.php cross site scripting
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. Theβ¦
5.3
CVE-2024-10766 - Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated rβ¦
5.3
CVE-2024-10765 - Codezips Online Institute Management System profile.php unrestricted upload
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit hasβ¦
5.3
CVE-2024-10764 - Codezips Online Institute Management System save_user.php unrestricted upload
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit hβ¦