6.9
CVE-2024-11258 - 1000 Projects Beauty Parlour Management System index.php sql injection
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been …
4.3
CVE-2024-3334 - USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0
A security bypass vulnerability exists in the Removable Media Encryption (RME) component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device, thereby compromising the confidentiality of the stored data.
5.5
CVE-2024-49536 - Audition | Out-of-bounds Read (CWE-125)
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim…
6.9
CVE-2024-11257 - 1000 Projects Beauty Parlour Management System forgot-password.php sql injection
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploi…
6.9
CVE-2024-11256 - 1000 Projects Portfolio Management System MCA login.php sql injection
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been …
9.2
CVE-2024-10934 - OpenBSD NFS double-free vulnerability
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
6.5
CVE-2024-45608 - GLPI has an Authenticated SQL Injection
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing their preferences. Upgrade to 10.0.17.
6.5
CVE-2024-43418 - GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
6.5
CVE-2024-43417 - Reflected XSS in Software form
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.
6.5
CVE-2024-41679 - Authenticated SQL injection in ticket form
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.