Lucene search

K

The School Management – Education & Learning Management Security Vulnerabilities

nvd
nvd

CVE-2024-37902

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....

10CVSS

EPSS

2024-06-17 08:15 PM
nvd
nvd

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

EPSS

2024-06-17 08:15 PM
cve
cve

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

9.1AI Score

EPSS

2024-06-17 08:15 PM
1
cve
cve

CVE-2024-37902

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....

10CVSS

9.3AI Score

EPSS

2024-06-17 08:15 PM
1
cvelist
cvelist

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

EPSS

2024-06-17 07:33 PM
1
cvelist
cvelist

CVE-2024-37902 Path thraversal in DeepJavaLibrary

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....

10CVSS

EPSS

2024-06-17 07:25 PM
1
nvd
nvd

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

EPSS

2024-06-17 07:15 PM
cve
cve

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

8.6AI Score

EPSS

2024-06-17 07:15 PM
2
wolfi
wolfi

GHSA-5JPM-X58V-624V vulnerabilities

Vulnerabilities for packages: neo4j, keycloak, cloudwatch-exporter, selenium, spark, opensearch, wavefront-proxy,...

7.5AI Score

2024-06-17 05:30 PM
6
wolfi
wolfi

CVE-2024-29025 vulnerabilities

Vulnerabilities for packages: neo4j, keycloak, cloudwatch-exporter, selenium, spark, opensearch, wavefront-proxy,...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-17 05:30 PM
15
msrc
msrc

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path...

7.4AI Score

2024-06-17 07:00 AM
1
nvd
nvd

CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 01:15 AM
2
cve
cve

CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-06-17 01:15 AM
2
cve
cve

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:15 AM
5
nvd
nvd

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 12:15 AM
3
cvelist
cvelist

CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6818-3)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.001EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

8CVSS

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
cve
cve

CVE-2024-37798

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...

5.8AI Score

EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6817-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

EPSS

2024-06-17 12:00 AM
packetstorm

7.4AI Score

EPSS

2024-06-17 12:00 AM
4
cvelist
cvelist

CVE-2024-37798

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...

EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-16 11:31 PM
2
cve
cve

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 11:15 PM
6
nvd
nvd

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:15 PM
1
vulnrichment
vulnrichment

CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 11:00 PM
cvelist
cvelist

CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:00 PM
2
cve
cve

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 07:15 PM
14
nvd
nvd

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 07:15 PM
1
vulnrichment
vulnrichment

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 06:31 PM
cvelist
cvelist

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 06:31 PM
2
nvd
nvd

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

0.0004EPSS

2024-06-15 05:15 PM
4
cve
cve

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-15 05:15 PM
13
cvelist
cvelist

CVE-2024-6014 itsourcecode Document Management System edithis.php sql injection

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

0.0004EPSS

2024-06-15 04:31 PM
2
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
15
cve
cve

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

8.3AI Score

0.0004EPSS

2024-06-14 08:15 PM
13
nvd
nvd

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

0.0004EPSS

2024-06-14 08:15 PM
1
osv
osv

linux-azure, linux-gke vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8.3AI Score

0.0005EPSS

2024-06-14 05:24 PM
osv
osv

linux-nvidia-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

7.4AI Score

0.001EPSS

2024-06-14 03:59 PM
osv
osv

linux-azure, linux-azure-fde vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-14 03:39 PM
1
nvd
nvd

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
12
cvelist
cvelist

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:05 PM
rocky
rocky

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

5.4CVSS

7AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
osv
osv

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
rocky
rocky

ruby:3.3 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

6.5AI Score

EPSS

2024-06-14 02:00 PM
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
3
osv
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
6
Total number of security vulnerabilities132836