Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

+F FS040U, +F FS020W, +F FS030W, And +F FS040W Security Vulnerabilities

cve
cve

CVE-2024-5771

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...

6.3CVSS

2024-06-08 10:15 PM
1
nvd
nvd

CVE-2024-5771

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...

6.3CVSS

2024-06-08 10:15 PM
2
cvelist
cvelist

CVE-2024-5771 LabVantage LIMS POST Request sql injection

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...

6.3CVSS

2024-06-08 10:00 PM
3
nvd
nvd

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....

3.9CVSS

2024-06-08 08:15 PM
3
cve
cve

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....

3.9CVSS

2024-06-08 08:15 PM
3
cve
cve

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 08:15 PM
3
nvd
nvd

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 08:15 PM
3
cvelist
cvelist

CVE-2024-4146 Improper Authorization in lunary-ai/lunary

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 07:41 PM
3
cvelist
cvelist

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....

3.9CVSS

2024-06-08 07:38 PM
3
cve
cve

CVE-2024-22151

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...

5.3CVSS

5.4AI Score

2024-06-08 05:15 PM
18
nvd
nvd

CVE-2024-22151

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...

5.3CVSS

2024-06-08 05:15 PM
4
cvelist
cvelist

CVE-2024-22151 WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...

5.3CVSS

2024-06-08 04:19 PM
1
cve
cve

CVE-2023-45707

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...

4.4CVSS

2024-06-08 03:15 PM
nvd
nvd

CVE-2023-45707

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...

4.4CVSS

2024-06-08 03:15 PM
cvelist
cvelist

CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...

4.4CVSS

2024-06-08 03:10 PM
nvd
nvd

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...

2024-06-08 02:15 PM
cve
cve

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...

2024-06-08 02:15 PM
openbugbounty
openbugbounty

ommouldings.com Cross Site Scripting vulnerability OBB-3933911

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 02:04 PM
4
nvd
nvd

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 01:15 PM
1
cve
cve

CVE-2024-36970

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...

2024-06-08 01:15 PM
cve
cve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 01:15 PM
2
cve
cve

CVE-2024-36967

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error...

2024-06-08 01:15 PM
1
cve
cve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev-&gt;le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

2024-06-08 01:15 PM
2
cve
cve

CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in...

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in...

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-36970

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...

2024-06-08 01:15 PM
nvd
nvd

CVE-2024-36967

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error...

2024-06-08 01:15 PM
nvd
nvd

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev-&gt;le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

2024-06-08 01:15 PM
nvd
nvd

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...

8.5CVSS

2024-06-08 01:15 PM
1
cve
cve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-36966

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache....

2024-06-08 01:15 PM
cve
cve

CVE-2024-36966

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache....

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

2024-06-08 01:15 PM
cve
cve

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...

8.5CVSS

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

2024-06-08 01:15 PM
cve
cve

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

2024-06-08 01:15 PM
1
cvelist
cvelist

CVE-2024-36970 wifi: iwlwifi: Use request_module_nowait

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...

2024-06-08 01:01 PM
openbugbounty
openbugbounty

eduroyale.in Cross Site Scripting vulnerability OBB-3933910

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 01:01 PM
1
cvelist
cvelist

CVE-2024-35731 WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

2024-06-08 12:53 PM
1
cvelist
cvelist

CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 12:53 PM
1
cvelist
cvelist

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev-&gt;le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

2024-06-08 12:53 PM
1
cvelist
cvelist

CVE-2024-36966 erofs: reliably distinguish block based and fscache mode

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache....

2024-06-08 12:52 PM
2
cvelist
cvelist

CVE-2024-36967 KEYS: trusted: Fix memory leak in tpm2_key_encode()

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error...

2024-06-08 12:52 PM
2
cvelist
cvelist

CVE-2024-36965 remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

2024-06-08 12:52 PM
2
cvelist
cvelist

CVE-2024-35750 WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...

8.5CVSS

2024-06-08 12:37 PM
kitploit
kitploit

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...

2024-06-08 12:30 PM
3
cve
cve

CVE-2024-5766

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was...

2.4CVSS

2024-06-08 12:15 PM
1
nvd
nvd

CVE-2024-5766

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was...

2.4CVSS

2024-06-08 12:15 PM
2
cvelist
cvelist

CVE-2024-5766 Likeshop Merchandise admin cross site scripting

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was...

2.4CVSS

2024-06-08 12:00 PM
1
openbugbounty
openbugbounty

baseballsavant.mlb.com Cross Site Scripting vulnerability OBB-3933908

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 11:30 AM
2
Total number of security vulnerabilities2674748