Security Vulnerabilities - CVEs Published In October 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-21
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-21
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
CVSS Score
8.8
EPSS Score
0.009
Published
2024-10-21
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-10-21
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-21
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
CVSS Score
9.8
EPSS Score
0.929
Published
2024-10-20
Cross-Site Request Forgery (CSRF) vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.18.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-10-20
Cross-Site Request Forgery (CSRF) vulnerability in Northern Beaches Websites IdeaPush ideapush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through <= 8.69.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-10-20
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-10-20
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-10-20