5.3
CVE-2024-10412 - Poco-z Guns-Medical File Upload upload cross site scripting
A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched r…
5.3
CVE-2024-10411 - SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection
A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads t…
5.3
CVE-2024-10410 - SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be…
5.3
CVE-2024-10409 - code-projects Blood Bank Management accept.php sql injection
A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclos…
5.3
CVE-2024-10408 - code-projects Blood Bank Management abs.php sql injection
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclo…
5.9
CVE-2024-50602 - libexpat: expat: DoS via XML_ResumeParser
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
9.8
CVE-2024-50623 -
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
5.3
CVE-2024-50612 - libsndfile: Segmentation fault error in ogg_vorbis.c:417 vorbis_analysis_wrote()
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
6.5
CVE-2024-50613 - libsndfile: Reachable assertion in mpeg_l3_encoder_close
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
7.2
CVE-2024-50611 -
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rath…