Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2024-50968 Unspecified vulnerability in Adonesevangelista Agri-Trading Online Shopping System 1.0
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart.
network
low complexity
adonesevangelista
7.5
2024-11-14 CVE-2024-51679 Cross-Site Request Forgery (CSRF) vulnerability in Appointmind
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0.
network
low complexity
appointmind CWE-352
6.1
2024-11-14 CVE-2024-49025 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
network
low complexity
CWE-359
5.4
2024-11-14 CVE-2024-3760 Allocation of Resources Without Limits or Throttling vulnerability in Lunary
In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability.
network
low complexity
lunary CWE-770
7.5
2024-11-14 CVE-2024-3379 Incorrect Authorization vulnerability in Lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to.
network
low complexity
lunary CWE-863
8.1
2024-11-14 CVE-2024-3501 Insecure Storage of Sensitive Information vulnerability in Lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints.
network
low complexity
lunary CWE-922
8.1
2024-11-14 CVE-2024-3502 Insecure Storage of Sensitive Information vulnerability in Lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors.
network
low complexity
lunary CWE-922
8.1
2024-11-14 CVE-2024-48284 Cross-site Scripting vulnerability in PHPgurukul User Registration & Login and User Management System 3.2
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2.
network
low complexity
phpgurukul CWE-79
4.8
2024-11-14 CVE-2024-50823 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-11-14 CVE-2024-50824 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
network
low complexity
lopalopa CWE-89
7.2