|
305991
|
7.5 |
HIGH
Network
|
anisha
|
job_recruitment
|
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of…
|
CWE-89
SQL Injection
|
CVE-2024-11241
|
2024-11-21 00:41 |
2024-11-16 |
|
305992
|
7.5 |
HIGH
Network
|
crmeb
|
crmeb
|
CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data pa…
|
NVD-CWE-noinfo
|
CVE-2024-50653
|
2024-11-21 00:36 |
2024-11-16 |
|
305993
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix checks for huge PMDs
Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2.
The pmd_trans_hug…
|
NVD-CWE-noinfo
|
CVE-2024-46787
|
2024-11-21 00:33 |
2024-09-18 |
|
305994
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take …
|
CWE-89
SQL Injection
|
CVE-2024-40638
|
2024-11-21 00:30 |
2024-11-16 |
|
305995
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Sof…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43417
|
2024-11-21 00:21 |
2024-11-16 |
|
305996
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
|
CWE-89
SQL Injection
|
CVE-2024-41679
|
2024-11-21 00:21 |
2024-11-16 |
|
305997
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41678
|
2024-11-21 00:21 |
2024-11-16 |
|
305998
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17.
|
CWE-89
SQL Injection
|
CVE-2024-45608
|
2024-11-21 00:20 |
2024-11-16 |
|
305999
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.1…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43418
|
2024-11-21 00:20 |
2024-11-16 |
|
306000
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22, CWE-434
Path Traversal; Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11311
|
2024-11-21 00:17 |
2024-11-18 |