Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-23 CVE-2023-46400 Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.
network
low complexity
kwhotel CWE-1236
critical
 9.8
9.8
2025-01-23 CVE-2023-46401 Improper Neutralization of Formula Elements in a CSV File vulnerability in Kwhotel 0.47
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.
network
low complexity
kwhotel CWE-1236
critical
 9.8
9.8
2025-01-23 CVE-2024-50664 Out-of-bounds Write vulnerability in Gpac 2.4
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
local
low complexity
gpac CWE-787
7.8
7.8
2025-01-23 CVE-2024-50665 NULL Pointer Dereference vulnerability in Gpac 2.4
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
local
low complexity
gpac CWE-476
5.5
5.5
2025-01-23 CVE-2024-55192 Out-of-bounds Write vulnerability in Openimageio 3.1.0.0
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
network
low complexity
openimageio CWE-787
critical
 9.8
9.8
2025-01-23 CVE-2024-55193 Unspecified vulnerability in Openimageio 3.1.0.0
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
network
low complexity
openimageio
critical
 9.8
9.8
2025-01-23 CVE-2024-55194 Out-of-bounds Write vulnerability in Openimageio 3.1.0.0
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
network
low complexity
openimageio CWE-787
critical
 9.8
9.8
2025-01-23 CVE-2024-57328 SQL Injection vulnerability in Projectworlds Online Food Ordering System 1.0
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0.
network
low complexity
projectworlds CWE-89
critical
 9.8
9.8
2025-01-23 CVE-2024-57386 Cross-site Scripting vulnerability in Wallosapp Wallos 2.41.0
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
network
low complexity
wallosapp CWE-79
6.1
6.1
2025-01-23 CVE-2024-57556 Cross-site Scripting vulnerability in Nbubna Store
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
network
low complexity
nbubna CWE-79
6.1
6.1