CVE-2024-3025
The CVE-2024-3025 entry affects mintplex-labs/anything-llm, where the logo filename handling allows path traversal due to insufficient input validation. Attackers can reference files outside the restricted directory via the logo upload endpoint, exposing the application’s database and potentially...
CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...
CVE-2024-3524
CVE-2024-3524 affects Campcodes Online Event Management System 1.0. A cross-site scripting flaw arises from unknown processing in /views/process.php where manipulating the name argument enables XSS. The attack can be remote and the exploit has been publicly disclosed. Sources consistently referen...
CVE-2024-31454 PsiTransfer file integrity violation vulnerability
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31454
PsiTransfer (open-source file sharing) prior to version 2.2.0 is vulnerable due to unrestricted upload-endpoint access, where an attacker who obtains a file distribution id can replace files within that distribution. This leads to integrity violations at the level of individual files, as exposed ...
CVE-2024-3458
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/addikev2.php. The manipulation of the argument TunnelId leads to SQL injection. The attack can be initiated remotely. The exploit has...
CVE-2024-3457
The vulnerability CVE-2024-3457 affects Netentsec NS-ASG Application Security Gateway v6.3. The issue arises from a SQL injection in the parameter GroupId within the file /admin/config_ISCGroupNoCache.php, enabling remote attackers to manipulate input and potentially compromise data integrity, co...
CVE-2024-3436
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack c...
CVE-2024-3357
A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/modreports/index.php. The manipulation of the argument end leads to cross-site scripting. It is possible to initiate the...
CVE-2024-3314
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The identifier VDB-259385 was...
CVE-2024-3258
CVE-2024-3258 affects SourceCodester Internship Portal Management System 1.0, specifically the admin/add_activity.php file. The issue is a SQL injection via the title/description/start/end parameters, exploitable remotely. Public disclosure exists; multiple sources reference an exploit and public...
CVE-2024-3145
CVE-2024-3145 affects DedeCMS 5.7, specifically the /src/dede/makehtml_js_action.php component. The root cause is a cross-site request forgery (CSRF) vulnerability that can be triggered remotely, with public exploit disclosures noted. Multiple sources (NVD/CVE records) classify the issue as MEDIU...
CVE-2024-3078
CVE-2024-3078 affects Qdrant prior to 1.8.3 (versions up to 1.6.1, 1.7.4, 1.8.2) and stems from path traversal in the Full Snapshot REST API handler (lib/collection/src/collection/snapshots.rs). The vulnerability allows traversal of filesystem paths due to the processing logic described in multip...
CVE-2024-3011
CVE-2024-3011 affects Tenda FH1205 (version 2.0.0.7(775)). The vulnerability is in the function formQuickIndex of the file /goform/QuickIndex, where manipulating the PPPOEPassword parameter causes a stack-based buffer overflow. Exploitation can be performed remotely, and multiple sources note t...
CVE-2024-2999
CVE-2024-2999 affects Campcodes Online Art Gallery Management System 1.0. The vulnerability lies in the uname parameter of /admin/adminHome.php, where lack of input validation enables remote SQL injection. The issue is described as critical with public exploits disclosed and a known CVE entry (VD...
CVE-2024-2894
The CVE-2024-2894 entry affects Tenda AC7, specifically the stack-based buffer overflow in the function formSetQosBand within /goform/SetNetControlList (version 15.03.06.44). The vulnerability can be triggered remotely by manipulating the list argument, leading to potential full confidentiality, ...
CVE-2024-2892 Tenda AC7 setcfm formSetCfm stack-based overflow
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The explo...
Path Traversal
getgrav/grav is vulnerable to Path Traversal. The vulnerability is due to missing .. sanitization of upload file paths, which allows an attacker to replace or create files with specific extensions such as .json, .zip, .css, .gif, etc...
CVE-2024-2825 lakernote EasyAdmin saveReportFile path traversal
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...
CVE-2024-2822
CVE-2024-2822 affects DedeCMS 5.7, targeting the /src/dede/vote_edit.php component. The issue arises from manipulating the parameter aid, enabling remote cross-site request forgery (CSRF). Exploitation has been disclosed publicly; no patch/versioned fix is documented in the provided sources. A p...