17 matches found
CVE-2026-24902
creationtimestamp | type | source
---|---|---
2026-01-29 23:30:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdlwzcmb642h...
CVE-2022-24902
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version...
CVE-2025-24902
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. Thi...
CVE-2025-24902
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. Thi...
CVE-2025-24902
creationtimestamp | type | source
---|---|---
2025-02-03 21:49:06+00:00 | seen | https://infosec.exchange/users/cve/statuses/113942157431197650
2025-02-03 22:16:12+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckyqtwzf2p
2025-02-03 23:40:51+00:00 | seen | ...
CVE-2025-24902
CVE-2025-24902 affects the WeGIA Web Manager for charitable institutions. A SQL Injection flaw exists in the salvar_cargo.php endpoint (likely involving the id_cargo parameter) that could allow an authorized attacker to execute arbitrary SQL, exposing or deleting sensitive data. The issue is addr...
CVE-2025-24902 SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. Thi...
CVE-2024-24902
creationtimestamp | type | source
---|---|---
2024-12-13 14:18:11+00:00 | seen | https://infosec.exchange/users/cve/statuses/113645944275049825...
CVE-2024-24902
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time...
CVE-2024-24902
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time...
CVE-2023-24902
Technical details about CVE-2023-24902 (affected components, exploit vectors, root cause, or mitigation) are not publicly provided in the supplied documents. Monitor for official advisories and updates from Microsoft and national CERTs for new information.
CVE-2022-24902 Memory issue in playing videos
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version...
CVE-2022-24902
CVE-2022-24902 affects TkVideoplayer prior to 2.0.0. Uncontrolled memory consumption can lead to performance degradation and, per some sources, potential DoS via memory allocation behavior. The issue has been patched in version 2.0.0 and later; upgrade to 2.0.0+ to remediate. Affected component: ...
CVE-2022-24902 Memory issue in playing videos
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version...
CVE-2021-24902
The CVE-2021-24902 entry concerns the WordPress Typebot plugin (before 1.4.3). The root cause is failure to sanitize and escape the Publish ID setting, enabling stored Cross-Site Scripting (XSS) by admin+ users even when unfiltered_html is disallowed. Affected component: Publish ID handling in th...
CVE-2020-24902
creationtimestamp | type | source
---|---|---
2021-01-07 16:40:28+00:00 | seen | https://t.me/cibsecurity/21732...
CVE-2020-24902
Quixplorer affects versions up to 2.4.1 and is vulnerable to a reflected XSS due to improper input validation. An attacker can craft a URL that executes arbitrary JavaScript in the victim’s browser within the site’s context, potentially stealing cookie-based credentials. The connected Nuclei temp...