
6680 matches found

NVD
added 2024/10/22 10:15 p.m. · 12 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

CVSS 5 · EPSS 0.00356
Exploits: 0 · References: 1

UbuntuCve
added 2024/10/21 6:15 p.m. · 7 views

CVE-2024-49925

In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core. The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during...

CVSS 5.5 · AI score 6.4 · EPSS 0.00263
Exploits: 0 · References: 47

CVE
added 2024/10/21 6:1 p.m. · 165 views

CVE-2024-49889

CVE-2024-49889: Linux kernel ext4 use-after-free in ext4_ext_show_leaf() and related ext4 extents handling. The issue arises when EXT_DEBUG is defined and a saved path pointer may be freed during extent handling, leading to use-after-free in ext4_ext_show_leaf() or during ext4_ext_handle unwritt...

CVSS 7.8 · AI score 7.3 · EPSS 0.00256
Exploits: 0 · References: 11 · Affected Software: 1

Tenable Nessus
added 2024/10/21 12:0 a.m. · 20 views

Adobe Acrobat < 11.0.20 / 2015.006.30306 / 2017.009.20044 Multiple Vulnerabilities (APSB17-11) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 11.0.20, 2015.006.30306, or 2017.009.20044. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an...

CVSS 10 · AI score 7.1 · EPSS 0.19053
Exploits: 2 · References: 43

CVE
added 2024/10/20 5:0 a.m. · 45 views

CVE-2024-10173

CVE-2024-10173 affects the didi DDMQ 1.0 Console Module. The vulnerability stems from input manipulation of "/;login" that results in improper authentication. It can be exploited remotely, and public disclosures exist. Several connected sources (NVD, Red Hat, CVE list, and related feeds) describe...

CVSS 7.5 · AI score 7.2 · EPSS 0.00702
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2024/10/20 3:15 a.m. · 2 views

CVE-2024-10165

A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The explo...

CVSS 9.8 · AI score 5.8 · EPSS 0.00663
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/20 12:0 a.m. · 4 views

PT-2024-33570 · Henrique Rodrigues · Safetyforms

Name of the Vulnerable Software and Affected Versions: Henrique Rodrigues SafetyForms versions n/a through 1.0.0. Description: A Cross-Site Request Forgery (CSRF) issue allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on the web application,...

CVSS 8.8 · AI score 7.8 · EPSS 0.00215
Exploits: 0 · References: 8

Positive Technologies
added 2024/10/20 12:0 a.m. · 3 views

PT-2024-33169 · Sage · Sage 1000

Name of the Vulnerable Software and Affected Versions: Sage 1000 version 7.0.0. Description: An Unrestricted File Upload vulnerability exists, allowing authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTM...

CVSS 8.1 · AI score 6.2 · EPSS 0.00525
Exploits: 2 · References: 6

NVD
added 2024/10/16 5:15 p.m. · 12 views

CVE-2024-45071

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5 · EPSS 0.00237
Exploits: 0 · References: 1

OSV
added 2024/10/15 8:15 p.m. · 4 views

CVE-2024-21205

Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware component: OSB Core Functionality. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus...

CVSS 6.5 · AI score 5.8 · EPSS 0.00557
Exploits: 0 · References: 1

OSV
added 2024/10/15 2:53 p.m. · 12 views

CVE-2024-47080 matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

CVSS 8.7 · AI score 6.5 · EPSS 0.00682
Exploits: 0 · References: 5

Veracode
added 2024/10/15 9:12 a.m. · 7 views

Always-Incorrect Control Flow Implementation

btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...

CVSS 8.1 · AI score 6.4 · EPSS 0.01022
Exploits: 0 · References: 5 · Affected Software: 1

GithubExploit
added 2024/10/14 9:11 a.m. · 234 views

Exploit for OS Command Injection in Php

🚀 CVE-2024-4577: PHP CGI Argument Injection Scanner and Exploi...

CVSS 9.8 · AI score 10 · EPSS 0.99987
Exploits: 64

Vulnrichment
added 2024/10/10 8:51 a.m. · 16 views

CVE-2024-22068 Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier...

CVSS 6 · AI score 7 · EPSS 0.00224
Exploits: 0 · References: 1

CVE
added 2024/10/10 8:51 a.m. · 55 views

CVE-2024-22068

CVE-2024-22068 describes an Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S, 2800-4, 3800-8, and 160 series on 64-bit systems, allowing a Functionality Bypass. Affected product versions are V4.00.10 and earlier. Root cause is improper privilege management enabling bypass of restr...

CVSS 6.5 · AI score 6.1 · EPSS 0.00224
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/10/09 5:7 p.m. · 100 views

CVE-2024-9473

CVE-2024-9473 affects the Palo Alto Networks GlobalProtect App on Windows. The issue is a local privilege escalation via the MSI repair functionality used during installation, allowing a locally authenticated non-admin user to elevate to NT AUTHORITY/SYSTEM. Affected versions are GlobalProtect Ap...

CVSS 7.8 · AI score 7.9 · EPSS 0.00286
Exploits: 1 · References: 3 · Affected Software: 1

Microsoft KB
added 2024/10/08 2:0 p.m. · 109 views

October 8, 2024—KB5044280 (OS Build 22000.3260)

October 8, 2024—KB5044280 (OS Build 22000.3260). Updated 10/08/24. END OF SERVICE NOTICE. IMPORTANT: All editions of Windows 11, version 21H2 are at end of service today, October 8, 2024. After today, these devices will not receive monthly security and non-security updates. These updates contain...

CVSS 8.8 · AI score 7.8 · EPSS 0.60954
Exploits: 3

OSV
added 2024/10/08 12:15 a.m. · 3 views

OSV-2024-1186 UNKNOWN READ in cfl_sds_len

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371659893 Crash type: UNKNOWN READ. Crash state: cfl_sds_len unpackmetaopts cmtmpackunpackmap...

AI score 7.2
Exploits: 0 · References: 1

CNNVD
added 2024/10/08 12:0 a.m. · 3 views

Microsoft Windows Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to bypass certain functionality. The following products and versions are affected: Windows 11 Versio...

CVSS 7.8 · AI score 6.2 · EPSS 0.0057
Exploits: 0 · References: 2

Veracode
added 2024/10/07 11:32 a.m. · 7 views

Cross Site Scripting (XSS)

OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...

CVSS 6.1 · AI score 6.7 · EPSS 0.00443
Exploits: 0 · References: 5 · Affected Software: 2