CVE-2026-23836
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...
EUVD-2026-3305
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...
CVE-2026-23836
HotCRP (conference review software) is affected by CVE-2026-23836. A flaw introduced in April 2024 in version 3.1 enables inadequately sanitized code generation for HotCRP formulas, allowing the execution of arbitrary PHP code (remote code execution). This issue impacts HotCRP 3.1 and is mitigate...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.
Summary: In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details: CVEID: CVE-2024-22353 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...
AlmaLinux 8 : mariadb:10.5 (ALSA-2025:0739)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0739 advisory. mysql: InnoDB unspecified vulnerability CPU Oct 2023 CVE-2023-22084 mysql: Client: mysqldump unspecified vulnerability CPU Apr 2024 CVE-2024-21096 Tenable...
CVE-2024-3370
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: before 29.04.2024...
CVE-2024-3370 SQLi in Egebilgi Software's Website Template
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: before 29.04.2024...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary: IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack and have been addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Lifecycle Optimization - Publishing, Global...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to April 2024 CPU
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2024 CPU
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2024. These issues are addressed by WebSphere Application Server shipped with WebSphere Servic...
Security Bulletin: IBM Automation Decision Services - April 2024 - Multiple CVEs addressed
Summary: IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-31906 DESCRIPTION: IBM Automation Decision...
CISA Known Exploited Vulnerability Catalog April 2024
Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...
mysql: Server: DML unspecified vulnerability (CPU Apr 2024)
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
chandlermemorialfh.com Cross Site Scripting vulnerability OBB-3925015
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Attacks, Vulnerabilities and Actors 22 to 28 April 2024
...
boxpark.co.uk Cross Site Scripting vulnerability OBB-3924998
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control
Software: LeadConnector; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: 1.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1371; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2445a52c5c7c; Credits: Krzysztof Zając; Required...
unicod.nl Improper Access Control vulnerability OBB-3924861
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
uniquecatering.nl Improper Access Control vulnerability OBB-3924862
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Democracy Poll Plugin <= 6.0.3 is vulnerable to Broken Access Control
Software: Democracy Poll; Type: Plugin; Vulnerable versions: <= 6.0.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33920; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: 4ebe2afd67c8; Credits: thiennv; Required privilege...