|
307431
|
4.7 |
MEDIUM
Local
|
cosmote
|
what\'s_up
|
A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-10748
|
2024-11-7 00:06 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307432
|
9.8 |
CRITICAL
Network
|
codezips
|
hospital_appointment_system
|
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulati…
|
CWE-89
SQL Injection
|
CVE-2024-10791
|
2024-11-7 00:05 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307433
|
5.4 |
MEDIUM
Network
|
phpgurukul
|
online_shopping_portal
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10768
|
2024-11-7 00:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307434
|
8.1 |
HIGH
Network
|
thinkadmin
|
thinkadmin
|
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argum…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10749
|
2024-11-7 00:04 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307435
|
9.8 |
CRITICAL
Network
|
projectworlds
|
travel_management_system
|
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
|
CWE-89
SQL Injection
|
CVE-2024-51327
|
2024-11-7 00:02 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307436
|
7.5 |
HIGH
Network
|
projectworlds
|
travel_management_system
|
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
|
CWE-89
SQL Injection
|
CVE-2024-51326
|
2024-11-7 00:02 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307437
|
5.3 |
MEDIUM
Network
|
openrefine
|
openrefine
|
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the for…
|
CWE-22
Path Traversal
|
CVE-2024-49760
|
2024-11-7 00:01 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307438
|
9.8 |
CRITICAL
Network
|
codezips
|
free_exam_hall_seating_management_system
|
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10766
|
2024-11-6 23:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307439
|
7.3 |
HIGH
Network
|
aftabhusain
|
enable_shortcodes_inside_widgets\
comments_and_experts
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-11-6 23:58 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307440
|
5.5 |
MEDIUM
Local
|
snowflake
|
snowflake_connector
|
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the loggin…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-49750
|
2024-11-6 23:58 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
