
813 matches found

CVE
added 2024/09/22 12:00 a.m., 42 views

CVE-2024-9076

CVE-2024-9076 (DedeCMS) affects DedeCMS versions up to 5.7.115. The vulnerability is a command injection in the article_string_mix.php (or similar) processing path, enabling remote execution due to improper handling of command input. Public exploits/PoC are noted, and vendor contact was ineffecti...

CVSS 8.8 | AI score 5.6 | EPSS 0.01558
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/20 12:00 p.m., 15 views

CVE-2024-9031 CodeCanyon CRMGo SaaS show cross site scripting

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/taskid/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.3 | EPSS 0.00129
Exploits: 0 | References: 4

CVE
added 2024/09/20 12:00 p.m., 39 views

CVE-2024-9031

CodeCanyon CRMGo SaaS (up to 7.2) has a cross-site scripting flaw in the /project/task/{task_id}/show endpoint triggered by the comment parameter. The issue may be exploited remotely and exploits have been disclosed publicly. Current remediation guidance in the connected docs is to disable access...

CVSS 5.4 | AI score 4 | EPSS 0.00129
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2024/09/20 12:44 a.m., 19 views

[SECURITY] Fedora 39 Update: ruby-3.2.5-183.fc39

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5.3 | AI score 6.5 | EPSS 0.08428
Exploits: 1

Cvelist
added 2024/09/16 11:22 p.m., 18 views

CVE-2024-44154

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted file may lead to unexpected app termination...

EPSS 0.00031
Exploits: 0 | References: 2

CVE
added 2024/09/16 11:22 p.m., 42 views

CVE-2024-44154

CVE-2024-44154 affects macOS components (Apple Graphics Control entry in macOS Sonoma 14.7 and macOS Sequoia 15). The issue is described as a memory initialization problem addressed by improved memory handling, with the impact that processing a maliciously crafted file may cause an application to...

CVSS 5.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/16 11:22 p.m., 14 views

CVE-2024-27880

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination...

EPSS 0.00026
Exploits: 0 | References: 7

NVD
added 2024/09/08 2:15 a.m., 13 views

CVE-2024-8567

A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletedeductions. The manipulation of the argument id leads to sql injection. The attack may be initiated...

CVSS 9.8 | EPSS 0.00069
Exploits: 1 | References: 5

NVD
added 2024/09/07 6:15 p.m., 13 views

CVE-2024-8559

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 7.2 | EPSS 0.0009
Exploits: 0 | References: 4

CVE
added 2024/09/03 12:31 a.m., 40 views

CVE-2024-8380

SourceCodester Contact Manager with Export to VCF 1.0 contains a SQL injection vulnerability in the Delete Contact Handler, specifically the /endpoint/delete-account.php endpoint. The issue arises from improper handling of the contact parameter, allowing remote exploitation. Public disclosure of ...

CVSS 9.8 | AI score 7 | EPSS 0.00096
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2024/08/30 3:31 p.m., 44 views

CVE-2024-8342

CVE-2024-8342 affects SourceCodester Petshop Management System 1.0. The vulnerability is in the /controllers/add_client.php handler, where manipulation of the image_profile parameter enables unrestricted file upload. This may allow remote attackers to upload arbitrary files, potentially leading t...

CVSS 8.8 | AI score 6.8 | EPSS 0.00155
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2024/08/29 7:36 a.m., 68 views

CVE-2024-43700

CVE-2024-43700 concerns xfpt with versions prior to 1.01, where improper handling of input data can cause a stack-based buffer overflow, allowing arbitrary code execution when a crafted file is opened. The issue is repeatedly documented across Linux distributions and advisories: Debian DLA-3977-1...

CVSS 7.8 | AI score 7.8 | EPSS 0.00084
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/08/23 2:31 p.m., 14 views

CVE-2024-8112 thinkgem JeeSite Cookie login cross site scripting

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. T...

CVSS 6.9 | AI score 6.2 | EPSS 0.00134
Exploits: 1 | References: 3

Cvelist
added 2024/08/20 11:31 p.m., 12 views

CVE-2024-8022 Genexis Tilgin Home Gateway cross site scripting

A vulnerability was found in Genexis Tilgin Home Gateway 322AS0500-03051305. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/voodview.cgi?lang=EN&act=user/specconf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The...

CVSS 5.3 | EPSS 0.00213
Exploits: 0 | References: 3

CVE
added 2024/08/19 6:00 p.m., 43 views

CVE-2024-7925

CVE-2024-7925 (ZZCMS 2023) affects the component handling file 3/E_bak5.1/upload/eginfo.php. The issue arises from manipulating the phome argument with the input ShowPHPInfo, which leads to information disclosure. The vulnerability supports remote exploitation (attack vector: network). The availa...

CVSS 7.5 | AI score 4.5 | EPSS 0.00122
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/08/14 12:00 a.m., 35 views

CVE-2024-7754

SourceCodester Clinics Patient Management System 1.0 contains a SQL injection vulnerability in /ajax/check_medicine_name.php via the user_name parameter. The issue is remote-exploitable and has been publicly disclosed. Several sources (including PT Security and other CVE aggregations) corroborate...

CVSS 7.5 | AI score 6.8 | EPSS 0.0011
Exploits: 1 | References: 4 | Affected Software: 1

UbuntuCve
added 2024/08/07 4:15 p.m., 12 views

CVE-2024-42238

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file. Return an error from cs_dsp_power_up if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load and cs_dsp_load_coeff would loop whi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00033
Exploits: 0 | References: 16

CVE
added 2024/08/07 3:14 p.m., 161 views

CVE-2024-42238

CVE-2024-42238: In the Linux kernel, the vulnerability in firmware CS_DSP handling was resolved. The issue allowed processing to overrun when a block header exceeded remaining data, due to prior behavior in cs_dsp_load()/cs_dsp_load_coeff() which would loop until enough data remained instead of ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00033
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/08/07 3:14 p.m., 13 views

CVE-2024-42238 firmware: cs_dsp: Return error if block header overflows file

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file. Return an error from cs_dsp_power_up if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load and cs_dsp_load_coeff would loop whi...

CVSS 5.5 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 8

NVD
added 2024/08/04 10:15 p.m., 9 views

CVE-2024-7458

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversa...

CVSS 9.8 | EPSS 0.00513
Exploits: 1 | References: 4