6680 matches found

CVE
added 2024/04/14 11:47 p.m. · 53 views

CVE-2024-29837

In Evolution Controller, the Web interface vulnerability CVE-2024-29837 affects Versions 2.04.560.31.03.2024 and earlier. The root cause is poor session management, enabling an unauthenticated attacker to access administrator functionality if any other user is already signed in. This is evidenced...

CVSS 8.8 · AI score 7 · EPSS 0.00511
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/04/14 11:47 p.m. · 17 views

CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS 8.8 · AI score 9 · EPSS 0.00511
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/14 12:0 a.m. · 7 views

PT-2024-27714 · Unknown · Phpgurukul/Itsourcecode News Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul/itsourcecode News Portal version 4.1. Description: A critical issue has been found in the processing of the file search.php, where the manipulation of the searchtitle argument leads to SQL injection. The attack may be initiated...

CVSS 9.8 · AI score 6.6 · EPSS 0.00808
Exploits: 1 · References: 10

Positive Technologies
added 2024/04/14 12:0 a.m. · 1 views

PT-2024-15226 · WordPress · Everest Backup

Name of the Vulnerable Software and Affected Versions: The Everest Backup WordPress plugin versions prior to 2.2.5. Description: The issue allows high privilege users, such as admins, to upload arbitrary files on the server, even when they should not be allowed to, for example in a multisite setup...

CVSS 6.5 · AI score 9.1 · EPSS 0.00649
Exploits: 2 · References: 7

Positive Technologies
added 2024/04/14 12:0 a.m. · 4 views

PT-2024-23074

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below. Description: The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...

CVSS 9.8 · AI score 6.6 · EPSS 0.00583
Exploits: 0 · References: 5

GithubExploit
added 2024/04/11 1:48 p.m. · 282 views

Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass

CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...

CVSS 9.8 · AI score 10 · EPSS 0.03821
Exploits: 6

OSV
added 2024/04/10 6:21 p.m. · 4 views

OPENSUSE-SU-2024:0106-1 Security update for sngrep

This update for sngrep fixes the following issues:
- Update to version 1.8.1
  - Fix CVE-2024-3119: sngrep: buffer overflow due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers.
  - Fix CVE-2024-3120: sngrep: stack-buffer overflow due to inadequate bounds checking when copying 'Content-Lengt...

CVSS 9.8 · AI score 7.3 · EPSS 0.018
Exploits: 0 · References: 3

Cvelist
added 2024/04/10 5:8 p.m. · 19 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

AI score 3.8 · EPSS 0.00313
Exploits: 1 · References: 2

Vulnrichment
added 2024/04/10 5:8 p.m. · 13 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

AI score 5.7 · EPSS 0.00313
Exploits: 1 · References: 2

Vulnrichment
added 2024/04/10 12:0 a.m. · 9 views

CVE-2024-23734

Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...

AI score 7.3 · EPSS 0.0014
Exploits: 0 · References: 2

CNNVD
added 2024/04/10 12:0 a.m. · 3 views

WordPress Plugin Bold Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.4 · AI score 5.7 · EPSS 0.00516
Exploits: 0 · References: 3

CVE
added 2024/04/10 12:0 a.m. · 7171 views

CVE-2024-30721

CVE-2024-30721 is rejected; this candidate was withdrawn and is not an active vulnerability entry.

AI score 6.7
Exploits: 0

Positive Technologies
added 2024/04/10 12:0 a.m. · 2 views

PT-2024-26648 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm, affected versions not specified. Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating...

CVSS 5.4 · AI score 3.6 · EPSS 0.00313
Exploits: 1 · References: 7

Talos
added 2024/04/10 12:0 a.m. · 33 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1848: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21972. Summary: An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

CVSS 5.3 · AI score 5.8 · EPSS 0.00187
Exploits: 0

Talos
added 2024/04/10 12:0 a.m. · 30 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1847: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21979. Summary: An arbitrary write vulnerability exists in the Shader Functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

CVSS 5.3 · AI score 5.8 · EPSS 0.00187
Exploits: 0

NVD
added 2024/04/09 7:15 p.m. · 21 views

CVE-2024-2112

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

CVSS 7.5 · AI score 5.6 · EPSS 0.00699
Exploits: 0 · References: 2

NVD
added 2024/04/09 7:15 p.m. · 24 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 5.2 · EPSS 0.00795
Exploits: 0 · References: 2

Cvelist
added 2024/04/09 6:58 p.m. · 22 views

CVE-2024-2112 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

CVSS 5.9 · AI score 5.8 · EPSS 0.00699
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/09 6:58 p.m. · 18 views

CVE-2024-2112 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

CVSS 5.9 · AI score 7.2 · EPSS 0.00699
Exploits: 0 · References: 2

Cvelist
added 2024/04/09 6:58 p.m. · 23 views

CVE-2024-2261 Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure

The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data includin...

CVSS 4.3 · AI score 4.7 · EPSS 0.00398
Exploits: 0 · References: 2