CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-51774
https://notcve.org/view.php?id=CVE-2024-51774
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. • id=42004219 https://sharpsec.run/rce-vulnerability-in-qbittorrent https://www.qbittorrent.org/news • CWE-295: Improper Certificate Validation •
CVE-2024-51432
https://notcve.org/view.php?id=CVE-2024-51432
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized • https://en.fiberhome.com https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-48410
https://notcve.org/view.php?id=CVE-2024-48410
Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php. • https://gist.github.com/Youns92/e7cd3f5d18ab089320f72c51fa3977de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51377
https://notcve.org/view.php?id=CVE-2024-51377
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-51377 https://github.com/ladybirdweb/faveo-helpdesk/issues/8303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •