2494 matches found
CVE-2024-11125 GetSimpleCMS profile.php cross-site request forgery
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-46888
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user-provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and...
CVE-2024-46888
CVE-2024-46888 concerns Siemens SINEC INS (
CVE-2024-11122 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload
A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload...
CVE-2024-11122
CVE-2024-11122 affects Lingdang CRM up to version 8.6.4.3. The issue resides in the /crm/wechatSession/index.php?msgid=1&operation=upload endpoint, where manipulation of the file argument enables unrestricted file upload. The vulnerability is exploitable remotely and has been publicly disclosed. ...
PT-2024-8705 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application, which does not properly sanitize user-provided paths for SFTP-based file up- and downloads. This could allow an...
CVE-2024-11076
This CVE-2024-11076 affects code-projects Job Recruitment 1.0. The vulnerability is located in the activation.php handler, where manipulating the e_hash parameter allows SQL injection. Impact is described as remote exploitation with high potential impact (SQL injection in a user-facing activation...
CVE-2024-11070
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack ma...
CVE-2024-11060 Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection
A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch th...
CVE-2024-11050
CVE-2024-11050 affects AMTT Hotel Broadband Operation System up to version 3.0.3.151204. The vulnerability resides in /language.php, where manipulating LangID/LangName/LangEName triggers cross-site scripting. Attack may be carried out remotely and exploits have been disclosed publicly; vendor did...
CVE-2024-10999
CodeAstro Real Estate Management System 1.0 is affected by CVE-2024-10999 via an unrestricted upload vulnerability in the About Us page file /aboutadd.php, caused by the aimage parameter. The issue allows remote exploitation and has been publicly disclosed. No official patch details are provided ...
GHSA-32P4-GM2C-WMCH ansible-core Incorrect Authorization vulnerability
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
CVE-2024-9902
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
CVE-2024-9902 Ansible-core: ansible-core user may read/write unauthorized content
A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...
RHEL 9 : libtiff (RHSA-2024:8914)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8914 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: NULL pointer...