CVE-2024-1927 SourceCodester Web-Based Student Clearance System login.php sql injection

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched...

Authentication Bypass

com.linecorp.armeria: armeria-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper filtering of SAML messages, allowing attackers to craft malicious messages to bypass authentication functionality...

CVE-2024-21825

A heap-based buffer overflow vulnerability exists in the GGUF library GGUFTYPEARRAY/GGUFTYPESTRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-21825

Talos details CVE-2024-21825 in llama.cpp (GGUF library) focusing on parsing of GGUF_TYPE_ARRAY/GGUF_TYPE_STRING within gguf_init_from_file. An attacker-provided .gguf file can trigger a heap-based buffer overflow when kv->value.arr.n is large, due to an integer overflow in the allocation kv-&...

CVE-2024-21836

A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

PT-2024-17951 · Microsoft · Office 365

Name of the Vulnerable Software and Affected Versions: Office 365 affected versions not specified Description: The issue affects login functionality in a zero-trust environment. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...

Sql injection

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injectio...

Cross Site Scripting (XSS)

baserproject/basercms is vulnerable to Cross Site Scripting XSS. The vulnerability is due to inadequate input validation, allowing attackers to inject malicious scripts into the search functionality...

HCL Sametime Security Vulnerability

HCL Technologies HCL Sametime is a conferencing solution from HCL Technologies, USA. A security vulnerability exists in HCL Sametime that stems from the use of Eclipse functionality to store sensitive data, resulting in an information disclosure vulnerability...

AZL-43933 CVE-2023-52161 affecting package iwd 1.22-2

The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

IBM PowerSC Session Fixation Vulnerability

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a session fixation vulnerability that stems from the failure to provide logout functionality, which could be exploited by an attacker to gain access to...

CVE-2023-52161

The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

CVE-2023-52161

The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

GHSA-W3Q8-M492-4PWP Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

Cross site request forgery (csrf)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...

CVE-2024-21795

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-21795

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...