|
304161
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50832
|
2024-11-19 01:37 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304162
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50828
|
2024-11-19 01:36 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304163
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50827
|
2024-11-19 01:36 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304164
|
- |
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know…
|
CWE-22
Path Traversal
|
CVE-2024-42499
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304165
|
- |
|
-
|
-
|
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Pa…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-4311
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304166
|
- |
|
-
|
-
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This is…
|
CWE-200
Information Exposure
|
CVE-2024-3502
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304167
|
- |
|
-
|
-
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/us…
|
CWE-200
Information Exposure
|
CVE-2024-3501
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304168
|
- |
|
-
|
-
|
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifical…
|
-
|
CVE-2024-3379
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304169
|
4.8 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the inte…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45087
|
2024-11-19 01:34 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304170
|
5.4 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the inte…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45088
|
2024-11-19 01:33 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
