fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24204 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24204 Source advisory: SNYK:PYTHON-NVFLARE-16318745...

Security Bulletin: NVIDIA FLARE SDK - April 2026

NVIDIA has released a software update for NVIDIA® FLARE™ SDK. To protect your system, clone or update this software to NVIDIA FLARE SDK v2.7.2 or later from NVIDIA/NVFlare on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this...

CVE-2021-24204

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

CVE-2025-24204

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-24204

CVE-2025-24204 is a kernel‑level issue in macOS Sequoia prior to 15.4. The fixed description indicates that an app may be able to access protected user data due to insufficient checks in the involved kernel path. The vulnerability is resolved in macOS Sequoia 15.4 with the update noted by Apple’s...

CVE-2025-24204

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-24204

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2023-24204

SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php...

CVE-2023-24204

SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php...

CVE-2021-24204

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

CVE-2021-24204

The CVE concerns Elementor Website Builder WordPress plugin prior to 3.1.4. The accordion widget (includes/widgets/accordion.php) accepts a title_html_tag parameter, which was not properly filtered. A user with Contributor or higher permissions can craft a modified save_builder request containing...

VulnCheck KEV: CVE-2021-24204

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send...

SonicWALL GMS 6 Arbitrary File Upload

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

CVE-2023-24204

SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php...