Latest Vulnerabilities

In the past week, several vulnerabilities have emerged, particularly affecting various Honor products and a range of project management systems. Notable issues include information leaks, incorrect privilege assignments, and multiple SQL injection vulnerabilities in systems like the Travel Management System and Hospital Management System. These security flaws could potentially allow unauthorized access and data breaches. Additionally, a path traversal vulnerability was identified in the Huawei Home Music System, indicating potential risks in file handling. Organizations utilizing these systems should be aware of these vulnerabilities and take necessary precautions to mitigate risks.

CVE-2024-12951: 1000 Projects Portfolio Management System MCA add_personal_details.php unrestricted upload

medium
6.5

CVE-2024-47150: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

low
3.3

CVE-2024-47149: Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit…

low
3.3

CVE-2024-47148: Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit…

medium
4

CVE-2024-12950: code-projects Travel Management System subcat.php sql injection

medium
6.5

CVE-2024-47157: Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit…

low
2.9

CVE-2024-47155: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
5.5

CVE-2024-47154: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
5.5

CVE-2024-47153: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
6.2

CVE-2024-12949: code-projects Travel Management System package.php sql injection

medium
6.5

CVE-2024-8992: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
4

CVE-2024-8993: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
6.2

CVE-2024-8994: Some Honor products are affected by information leak vulnerability, successful exploitation could ca…

medium
6.2

CVE-2024-47151: Some Honor products are affected by file writing vulnerability, successful exploitation could cause …

medium
6.3

CVE-2024-47156: Information Leak Vulnerability in Honor Product

low
3.3

CVE-2024-12948: code-projects Travel Management System detail.php sql injection

medium
6.5

CVE-2024-12947: Codezips Hospital Management System invo.php sql injection

medium
6.5

CVE-2024-12946: 1000 Projects Attendance Tracking Management System admin_action.php sql injection

high
7.5

CVE-2024-12945: code-projects Simple Car Rental System account.php sql injection

high
7.5

CVE-2023-7300: Path Traversal

high
8

CVE-2024-12944: CodeAstro House Rental Management System signin.php sql injection

high
7.5

CVE-2024-12943: CodeAstro House Rental Management System ownersignup.php sql injection

high
7.5

CVE-2024-12942: 1000 Projects Portfolio Management System MCA admin_login.php sql injection

high
7.5

CVE-2024-12941: CodeAstro Blood Donor Management System deletedannounce.php sql injection

medium
6.5

CVE-2024-12940: 1000 Projects Attendance Tracking Management System student_action.php sql injection

high
7.5

CVE-2024-12939: code-projects Job Recruitment _all_edits.php add_edu sql injection

medium
6.5

CVE-2024-12938: code-projects Simple Admin Panel updateOrderStatus.php sql injection

medium
6.5

CVE-2024-11223: WPForms < 1.9.2.3 - Admin+ Stored XSS

CVE-2024-10903: Broken Link Checker < 2.4.2 - Admin+ SSRF

CVE-2024-12937: code-projects Simple Admin Panel addVariationController.php sql injection

medium
6.5

CVE-2024-12936: code-projects Simple Admin Panel catDeleteController.php sql injection

medium
6.5

CVE-2024-12935: code-projects Simple Admin Panel editItemForm.php sql injection

medium
6.5

CVE-2024-12652: Intumit SmartRobot's Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')

critical
9.3

CVE-2024-12934: code-projects Simple Admin Panel updateItemController.php sql injection

medium
6.5

CVE-2024-12933: code-projects Simple Admin Panel updateItemController.php cross site scripting

medium
5.3

CVE-2024-12932: code-projects Simple Admin Panel addSizeController.php cross site scripting

medium
5.3

CVE-2024-12931: code-projects Simple Admin Panel addCatController.php sql injection

medium
6.5

CVE-2024-12930: code-projects Simple Admin Panel addCatController.php cross site scripting

medium
5.3

CVE-2024-12929: code-projects Student Management System addCatController.php sql injection

medium
6.5

CVE-2024-56433: shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 1…

low
3.6

CVE-2024-12928: code-projects Simple Admin Panel sql injection

medium
6.5

CVE-2024-12927: 1000 Projects Attendance Tracking Management System check_faculty_login.php sql injection

high
7.5

CVE-2024-12926: Codezips Project Management System advanced.php sql injection

medium
6.5

CVE-2024-52534: Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vul…

medium
5.4

CVE-2024-52543: Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissio…

medium
6.5

CVE-2024-53291: Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadat…

high
7.5

CVE-2024-47978: Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerabili…

high
7.8

CVE-2023-5117: Exposure of Sensitive Information Due to Incompatible Policies in GitLab

low
3.7

CVE-2024-52535: Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs ver…

high
7.1

CVE-2024-8950: SQLi in Arne Informatics' Piramit Automation

critical
9.9
EPSS 0.05%

© 2024 SecAlerts Pty Ltd.