7047 matches found
VulnCheck KEV: CVE-2024-4434
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Juniper Junos OS Vulnerability (JSA79184)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79184 advisory. - A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker ...
CVE-2024-33912
Missing Authorization vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 1.9.16...
PT-2024-25545 · Unknown · Academy Lms
Name of the Vulnerable Software and Affected Versions: Academy LMS versions 1.9.16 and earlier Description: The issue is related to a Missing Authorization vulnerability in Academy LMS. Recommendations: For versions 1.9.16 and earlier, update to a version that includes a fix for this issue, as no...
Number Withdrawn
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. This CVE number has been withdrawn...
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...
CVE-2024-4349
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349
CVE-2024-4349 affects SourceCodester Pisay Online E-Learning System 1.0. The vulnerability lies in the /lesson/controller.php file where manipulating the file parameter leads to unrestricted uploads. It can be exploited remotely, and publicly disclosed exploit information exists (VDB-262489). Rem...
Pisay Online E-Learning System Code Issue Vulnerability
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. A code issue vulnerability exists in Pisay Online E-Learning System version 1.0, which stems from the parameter file in the file /lesson/controller.php that can lead to unrestricted uploads...
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app...
relate Security Vulnerability
Relate is a web-based learning and teaching environment. A security vulnerability exists in versions prior to relate 2024.1, which stems from a server-side template injection (SSTI) vulnerability in the Batch Issue Exam Tickets feature...
Relate Learning And Teaching System SSTI / Remote Code Execution Vulnerability
Relate Learning and Teaching System versions prior to 2024.1 suffer from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function. Exploit Title: Relate Learning And Teaching system Version before...
Relate Learning And Teaching System SSTI / Remote Code Execution
Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTI Batch-Issue Exam Tickets function lead to RCE Date: 24/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version: before 2024.1...
Relate Security Vulnerability
Relate is a web-based learning and teaching environment. A security vulnerability exists in Relate versions prior to 2024.1 that stems from the presence of a reflected cross-site scripting (XSS) vulnerability...
Relate Security Vulnerability
Relate is a web-based learning and teaching environment. A security vulnerability exists in Relate versions prior to 2024.1 that stems from the presence of a stored cross-site scripting (XSS) vulnerability...
Relate Learning And Teaching System SSTI / Remote Code Execution
Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTI Markup Sandbox function lead to RCE Date: 19/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version: before 2024.1...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for the machine learning lifecycle. Mlflow suffers from a path traversal vulnerability that stems from improper handling of URL parameters. An attacker can use this vulnerability to gain access to a file or directory...