WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Namaste! LMS versions <= 2.6.3...
PT-2024-40927 · Unknown · Pqcrypto-Mlkem
Name of the Vulnerable Software and Affected Versions: pqcrypto-mlkem, affected versions not specified. Description: The issue concerns the replacement of a crate with pqcrypto-mlkem, which provides a FIPS203-compatible implementation of ML-KEM. Recommendations: At the moment, there is no informati...
PT-2024-40926 · Pqcrypto · Pqcrypto
Name of the Vulnerable Software and Affected Versions: pqcrypto crate, affected versions not specified. Description: The pqcrypto crate has been replaced by pqcrypto-mldsa, which provides a FIPS204-compatible implementation of ML-DSA. Recommendations: At the moment, there is no information about a...
LangChain < 0.2.4 RCE
The remote host contains a langchain version that is prior to 0.2.4. It is, therefore, affected by a vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain which allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands v...
CVE-2024-48509
Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...
Learning with Texts SQL Injection Vulnerability
Learning with Texts LWT is a software application by the individual developer Jon Gauthier. It allows users to import text, read, save, view and test words and expressions in multiple languages. A security vulnerability exists in Learning with Texts LWT version 2.0.3, which stems from...
PT-2024-33127 · Unknown · Learning With Texts
Name of the Vulnerable Software and Affected Versions: Learning with Texts LWT version 2.0.3. Description: The issue occurs due to the application's failure to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. Thi...
CVE-2024-48509
CVE-2024-48509 affects Learning with Texts (LWT) 2.0.3. Multiple sources describe a SQL Injection vulnerability caused by inadequate input sanitization in URL parameters, enabling an attacker to manipulate queries and potentially access, modify, or delete data and execute arbitrary commands. The ...
CVE-2024-49361
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...
CVE-2024-49361 Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...
CVE-2024-49361
CVE-2024-49361 concerns the ACON library (Adaptive Correlation Optimization Network) and describes an input-validation vulnerability that could allow remote code execution when processing user-supplied data. Multiple sources corroborate that an attacker could submit malicious input to bypass vali...
7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...
N-LINE vulnerable to HTML injection
Overview: N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient checks (CWE-94), and malicious inputs from a student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...
JVN#31982676: MUSASI version 3 performing authentication on client-side
MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code (CWE-603), and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...
JVN#57285747: N-LINE vulnerable to HTML injection
N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient checks (CWE-94), and malicious inputs from a student's device may badly impact the instructor's screen. Impact: Arbitrary code may be executed on the instructor's...