|
306531
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the a…
|
CWE-89
SQL Injection
|
CVE-2024-11258
|
2024-11-20 06:24 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306532
|
9.8 |
CRITICAL
Network
|
1000projects
|
beauty_parlour_management_system
|
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of t…
|
CWE-89
SQL Injection
|
CVE-2024-11257
|
2024-11-20 06:24 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306533
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45609
|
2024-11-20 06:22 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306534
|
5.5 |
MEDIUM
Local
|
adobe
|
audition
|
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to by…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-49536
|
2024-11-20 06:21 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306535
|
4.3 |
MEDIUM
Network
|
smartwpress
|
music_player_for_elementor
|
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() …
|
CWE-862
Missing Authorization
|
CVE-2024-10582
|
2024-11-20 06:17 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306536
|
6.1 |
MEDIUM
Network
|
melapress
|
wp_activity_log
|
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10793
|
2024-11-20 06:13 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306537
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45610
|
2024-11-20 06:07 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306538
|
5.4 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45611
|
2024-11-20 05:57 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306539
|
8.1 |
HIGH
Network
|
microsoft
|
windows_server_2022
|
Windows SMBv3 Server Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43447
|
2024-11-20 05:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306540
|
5.9 |
MEDIUM
Network
|
microsoft
|
windows_server_2025
windows_11_22h2
windows_11_23h2
windows_server_2022_23h2
windows_11_24h2
|
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38264
|
2024-11-20 05:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
