|
2141
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0297
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2142
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56056
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2143
|
- |
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a…
|
CWE-98
CWE-829
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-53800
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2144
|
- |
|
-
|
-
|
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
|
-
|
CVE-2024-53345
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2145
|
- |
|
-
|
-
|
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptograp…
|
CWE-223
|
CVE-2024-52813
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2146
|
- |
|
-
|
-
|
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking.…
|
-
|
CVE-2024-48245
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2147
|
- |
|
-
|
-
|
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e…
|
-
|
CVE-2024-46242
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2148
|
8.2 |
HIGH
Network
-
|
-
|
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validat…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-40702
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2149
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or reposit…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-28778
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2150
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-25037
|
2025-01-8 01:15 |
2025-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
