14 matches found
CVE-2021-24748
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
Discourse < 3.2.1 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities.
CVE-2024-11550
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-11550 IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-11550 IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-11550
CVE-2024-11550 is a vulnerability in IrfanView caused by an out-of-bounds write during DXF file parsing due to insufficient validation. It can allow arbitrary code execution in the context of the current process when a user opens a malicious DXF or visits a malicious page/page that triggers parsi...
CVE-2024-24748
creationtimestamp | type | source
---|---|---
2024-03-15 21:22:02+00:00 | seen | https://t.me/ctinow/209152
2024-03-15 21:26:15+00:00 | seen | https://t.me/ctinow/209165
...
CVE-2024-24748
CVE-2024-24748 affects Discourse. The vulnerability allows an attacker to learn that a secret subcategory exists under a public category that has no public subcategories. The issue is mitigated by upgrading to the latest stable, beta, or tests-passed Discourse release, as documented in multiple a...
CVE-2024-24748 Disclosure of the existence of secret subcategories in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are...
CVE-2022-24748
CVE-2022-24748 affects Shopware: before version 6.4.8.2, an improper API route check allows modifying customers and creating orders without App Permission. Root cause: inadequate authorization in API routing. Impact: unauthorized actions with no privileges; no exploitation details provided in the...
CVE-2022-24748 Incorrect Authentication in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgra...
CVE-2021-24748
CVE-2021-24748 affects the Email Before Download WordPress plugin prior to version 6.8. The vulnerability arises from improper validation/escaping of order and orderby GET parameters used in SQL statements, causing authenticated SQL injection. Impact per sources includes high-severity exposure (C...
CVE-2021-24748 Email Before Download < 6.8 - Admin+ SQL Injection
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
Microsoft Windows GDI Component Information Disclosure Vulnerability (CNVD-2019-24748)
The Microsoft Windows operating system is a set of operating systems developed by Microsoft Corporation in the United States. An information disclosure vulnerability exists in Microsoft Windows GDI Component, which can be exploited by an attacker to cause an information disclosure that could lead...