WordPress plugin WooCommerce injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An injection...
Vanna Code Issue Vulnerability
Vanna is a personalized AI SQL agent from Vanna Inc. Vanna version v0.3.4 suffers from a code issue vulnerability that stems from susceptibility to SQL injection, where an attacker can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the...
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection...
PT-2024-37331 · WordPress · Quiz Maker
Name of the Vulnerable Software and Affected Versions: Quiz Maker plugin for WordPress versions up to, and including, 6.5.8.3 Description: The issue is related to time-based SQL Injection via the ays questions parameter due to insufficient escaping on the user-supplied parameter and lack of...
CVE-2023-49110 XML External Entity Injection in Kiuwan SAST
When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop pkthemesettings 1.8.8 and earlier versions, which stems from the presen...
GO-2024-2799 MCUboot Injection attack of unprotected TLV values in github.com/mcu-tools/mcuboot
MCUboot Injection attack of unprotected TLV values in github.com/mcu-tools/mcuboot...
PT-2024-26457 · Unknown · Diño Physics School Assistant
Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view category. Manipulating the id argument can result in SQL injection...
Online Student Enrollment System SQL Injection Vulnerability
Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. A SQL injection vulnerability exists in Online Student Enrollment System version 1.0, which can be exploited by an attacker to view, add, modify, or delete information in the back-en...
Electricity Consumption Monitoring Tool SQL Injection Vulnerability
Electricity Consumption Monitoring Tool is an electricity consumption monitoring tool by the individual developer rems. A SQL injection vulnerability exists in Electricity Consumption Monitoring Tool version 1.0, which originates from an unknown function in /endpoint/delete-bill.php that causes SQL...
CVE-2024-4264
The CVE-2024-4264 entry affects berriai/litellm. The vulnerability is caused by unsafe use of eval in litellm.get_secret() when the server uses Google KMS, allowing untrusted data to be evaluated. Attackers can inject malicious values into environment variables via the /config/update endpoint, en...
OpenText Operations Bridge Reporter Security Vulnerability
OpenText Operations Bridge Reporter is an informational reporting software from OpenText designed to provide organizations with resource, event, and response time reporting across server, network, and application environments. A security vulnerability exists in OpenText Operations Bridge Reporter...
The vulnerability of the Apache Maven framework, related to improper encoding or output filtering, allows attackers to execute injection attacks through command-line interfaces.
The vulnerability of the Apache Maven framework is related to the generation of strings in double quotes without proper encapsulation. Exploiting this vulnerability allows an attacker to perform injection attacks through the command shell...
CVE-2024-4792
A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /adminclass.php. The manipulation of the argument...
USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities
Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. CVE-2024-22368 An Pham discovered that Spreadsheet::ParseXLSX...
IBM Cognos Controller Code Execution Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. A code execution vulnerability exists in IBM Cognos...
CVE-2024-33403
A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the eventid parameter...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...
CVE-2024-31966
The CVE-2024-31966 issue affects Mitel 6800 Series and 6900 Series SIP Phones (through 6.3 SP3 HF4), Mitel 6900w Series SIP Phone (through 6.3.3), and Mitel 6970 Conference Unit (through 5.1.1 SP8). The root cause is insufficient parameter sanitization, allowing an authenticated attacker with adm...
CVE-2024-32883 MCUboot Injection attack of unprotected TLV values
MCUboot is a secure bootloader for 32-bit microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the metadata associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...