Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-50968 | Unspecified vulnerability in Adonesevangelista Agri-Trading Online Shopping System 1.0 A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. | 7.5 |
| 2024-11-14 | CVE-2024-3760 | Allocation of Resources Without Limits or Throttling vulnerability in Lunary In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. | 7.5 |
| 2024-11-14 | CVE-2024-3379 | Incorrect Authorization vulnerability in Lunary In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. | 8.1 |
| 2024-11-14 | CVE-2024-3501 | Insecure Storage of Sensitive Information vulnerability in Lunary In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. | 8.1 |
| 2024-11-14 | CVE-2024-3502 | Insecure Storage of Sensitive Information vulnerability in Lunary In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. | 8.1 |
| 2024-11-14 | CVE-2024-50824 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | 7.2 |
| 2024-11-14 | CVE-2024-50825 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | 7.2 |
| 2024-11-14 | CVE-2024-50826 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | 7.2 |
| 2024-11-14 | CVE-2024-50827 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. | 7.2 |
| 2024-11-14 | CVE-2024-50828 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. | 7.2 |