| 2381 | 9.8 | CRITICAL | Network | pharmacy_management_system_project | pharmacy_management_system | A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The mani… | CWE-89 SQL Injection | CVE-2024-8146 | 2024-09-25 02:00 | 2024-08-25 |
| 2382 | 5.0 | MEDIUM | Network | openstack redhat | heat openstack_platform | An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and th… | NVD-CWE-noinfo | CVE-2024-7319 | 2024-09-25 02:00 | 2024-08-3 |
| 2383 | 5.5 | MEDIUM | Local | apple | macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data … | NVD-CWE-noinfo | CVE-2024-44182 | 2024-09-25 01:52 | 2024-09-17 |
| 2384 | 6.1 | MEDIUM | Network | gitlab | gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability … | CWE-601 Open Redirect | CVE-2024-4283 | 2024-09-25 01:51 | 2024-09-17 |
| 2385 | 7.5 | HIGH | Network | sigstore | sigstore-go | sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bun… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2024-45395 | 2024-09-25 01:50 | 2024-09-5 |
| 2386 | 4.3 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to un… | NVD-CWE-noinfo | CVE-2024-6685 | 2024-09-25 01:48 | 2024-09-17 |
| 2387 | 6.1 | MEDIUM | Network | cern | indico | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.… | CWE-79 Cross-site Scripting | CVE-2024-45399 | 2024-09-25 01:48 | 2024-09-5 |
| 2388 | 9.8 | CRITICAL | Network | superstorefinder | super_store_finder | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/… | CWE-89 SQL Injection | CVE-2024-43978 | 2024-09-25 01:44 | 2024-09-18 |
| 2389 | 6.7 | MEDIUM | Local | qnap | qvr_smart_client | An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized c… | CWE-428 Unquoted Search Path or Element | CVE-2022-27592 | 2024-09-25 01:44 | 2024-09-7 |
| 2390 | 7.5 | HIGH | Network | draytek | vigor3910_firmware | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CWE-120 Classic Buffer Overflow | CVE-2024-46580 | 2024-09-25 01:42 | 2024-09-19 |