920 matches found
CVE-2024-49333 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...
PT-2025-2842 · Arprice · Arprice
Name of the Vulnerable Software and Affected Versions: ARPrice versions n/a through 4.0.3 Description: The issue is related to the deserialization of untrusted data, which allows object injection in NotFound ARPrice. Recommendations: For versions n/a through 4.0.3, at the moment, there is no...
CVE-2024-54216
Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal. This issue affects ARForms: from n/a through 6.4.1...
CVE-2024-54214
Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18...
CVE-2024-53821
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS. This issue affects Pie Register Premium: from n/a before 3.8.3.3...
CVE-2024-53821
CVE-2024-53821: Reflected Cross-Site Scripting in the WordPress plugin Pie Register Premium (vulnerable:
CVE-2024-54216
CVE-2024-54216 describes a path traversal vulnerability in ARForms (Repute InfoSystems) affecting ARForms versions up to 6.4.1. The issue enables Arbitrary File Read via a directory-traversal vector (".../...//"). Public sources in the connected documents indicate the vulnerability...
CVE-2024-51794
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sellerthemes Storely storely allows Stored XSS. This issue affects Storely: from n/a through 14.7...
CVE-2024-51794
CVE-2024-51794 is a Stored XSS vulnerability in WordPress Storely theme (NotFound Storely) due to improper input neutralization during page generation. Affected versions are reported as from n/a through 14.7. The connected documents corroborate Cross-Site Scripting via input handling and list Sto...
CLSA-2024-1718897210 glibc: Fix of 3 CVEs
CVE-2024-33600: nscd: avoid null pointer crashes after notfound response - CVE-2024-33601: fix memory allocation issue in netgroup cache by replacing xmalloc and xrealloc functions to prevent denial of service - CVE-2024-33602: fix memory corruption in netgroup cache by ensuring all strings are...
CLSA-2024-1718794810 glibc: Fix of 3 CVEs
CVE-2024-33600: nscd: avoid null pointer crashes after notfound response - CVE-2024-33601: fix memory allocation issue in netgroup cache by replacing xmalloc and xrealloc functions to prevent denial of service - CVE-2024-33602: fix memory corruption in netgroup cache by ensuring all strings are...
CVE-2024-33600
nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...
AZL-40291 CVE-2024-33600 affecting package glibc for versions less than 2.38-11
nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...
UBUNTU-CVE-2024-33600
nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...
CVE-2024-33600
CVE-2024-33600 is an in-nscd (Name Service Cache Daemon) null pointer dereference caused by a failure to cache a not-found netgroup response. It affects the nscd binary and was introduced with glibc’s cache feature (glibc 2.15+). Exploitation depends on remote input, but the provided sources do n...
SUSE CVE-2024-33600
nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...
OESA-2024-1326 bind security update
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The DNS...
PT-2023-20031 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the id parameter of the "/churchcrm/v2/family/not-found" API endpoint. This enables attackers t...
OIC Exponent CMS SQL Injection Vulnerability (CNVD-2016-11262)
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An SQL injection vulnerabilit...
SQL injection
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection...