813 matches found
CVE-2024-5379 JFinalCMS template cross site scripting
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2024-5373
CVE-2024-5373 affects Kashipara College Management System 1.0. The issue is a cross-site scripting vulnerability in submit_login.php where manipulation of the argument usertype enables XSS. The attack is potentially remote, and the exploit has been disclosed publicly. Connected sources consistent...
CVE-2024-5361
CVE-2024-5361 refers to a SQL injection vulnerability in PHPGurukul Zoo Management System 2.1, specifically in the file /admin/normal-bwdates-reports-details.php where the parameter fromdate can be manipulated to trigger database injection. Several connected records corroborate remote exploitatio...
CVE-2024-5337 Ruijie RG-UAC user_commit.php os command injection
A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sysuser/user_commit.php. The manipulation of the argument email2/username leads to os command injection. The attack may be initiated...
CVE-2024-5240
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unreadmsg.php. The manipulation of the argument myindex leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-5107
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to sql injection. The attack may be...
GHSA-M9FV-WHQ2-6WMC Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
GHSA-98H9-727M-44QV Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...
CVE-2024-4801
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submitnewfaculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-27829
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...
PT-2024-22069 · Apple · Macos Monterey +7
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.6.7 macOS Monterey versions prior to 12.7.5 iOS versions prior to 16.7.8 iPadOS versions prior to 16.7.8 tvOS versions prior to 17.5 visionOS versions prior to 1.2 iOS versions prior to 17.5 iPadOS versions...
CVE-2024-4717
CVE-2024-4717 affects Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting vulnerability arises from manipulating the name parameter in /model/update_classroom.php, exploitable remotely. The issue is triggered by improper handling of the argument name, enabling user-c...
CVE-2024-4645
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting...
CVE-2024-4645
The CVE-2024-4645 entry concerns SourceCodester Prison Management System 1.0. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability in /Admin/changepassword.php, triggered by manipulating the txtold_password, txtnew_password, and txtconfirm_password fields. The issue is tr...
CVE-2024-4593
CVE-2024-4593 concerns DedeCMS 5.7, where the vulnerability lies in the file /src/dede/sys_multiserv.php. The issue is described as a cross‑site request forgery (CSRF) that can be triggered remotely, with the exploit publicly disclosed. Several connected sources consistently identify the affected...
CVE-2024-4526
CVE-2024-4526 affects Campcodes Complete Web-Based School Management System 1.0. The issue is a cross-site scripting vulnerability in the month parameter of /view/student_payment_details3.php. Attack could be initiated remotely and the exploit has been publicly disclosed. Multiple connected sourc...