2411
|
9.8 |
CRITICAL
Network
projectworlds
|
travel_management_system
|
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
|
CWE-89
SQL Injection
|
CVE-2024-51327
|
2024-11-7 00:02 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2412
|
7.5 |
HIGH
Network
projectworlds
|
travel_management_system
|
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
|
CWE-89
SQL Injection
|
CVE-2024-51326
|
2024-11-7 00:02 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2413
|
5.3 |
MEDIUM
Network
openrefine
|
openrefine
|
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the for…
|
CWE-22
Path Traversal
|
CVE-2024-49760
|
2024-11-7 00:01 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2414
|
9.8 |
CRITICAL
Network
codezips
|
free_exam_hall_seating_management_system
|
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10766
|
2024-11-6 23:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2415
|
7.3 |
HIGH
Network
aftabhusain
|
enable_shortcodes_inside_widgets\ comments_and_experts
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-11-6 23:58 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2416
|
5.5 |
MEDIUM
Local
|
snowflake
|
snowflake_connector
|
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the loggin…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-49750
|
2024-11-6 23:58 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2417
|
9.8 |
CRITICAL
Network
gvectors
|
wpdiscuz
|
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned b…
|
NVD-CWE-Other
|
CVE-2024-9488
|
2024-11-6 23:57 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2418
|
6.1 |
MEDIUM
Network
|
markjaquith
|
subscribe_to_comments
|
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8792
|
2024-11-6 23:51 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2419
|
5.4 |
MEDIUM
Network
|
instantcms
|
instantcms
|
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50348
|
2024-11-6 23:49 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2420
|
9.8 |
CRITICAL
Network
codezips
|
online_institute_management_system
|
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the ar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10765
|
2024-11-6 23:45 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|