
13008 matches found

Patchstack
added 2024/12/23 5:45 p.m., 2 views

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion vulnerability

Missing Authorization to Authenticated (Subscriber+) Logo Deletion vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.4.0...

CVSS 4.3, AI score 7, EPSS 0.00133
Exploits 0, References 1, Affected Software 1
OSV
added 2024/12/22 10:15 p.m., 3 views

CVE-2024-56313

A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...

CVSS 5.4, AI score 5.9, EPSS 0.00204
Exploits 1, References 2
OSV
added 2024/12/22 9:15 p.m., 1 views

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...

CVSS 8.8, AI score 5.8, EPSS 0.00188
Exploits 1, References 2
CNNVD
added 2024/12/22 12:00 a.m., 1 views

REDCap Security Vulnerability

REDCap is a data collection and management web application from the REDCap open source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from a failure to effectively secure the input content of the Notes field of Calendar, making it susceptible to a stored...

CVSS 5.4, AI score 5.9, EPSS 0.00204
Exploits 1, References 2
Rockylinux
added 2024/12/19 4:17 a.m., 11 views

libsemanage bug fix and enhancement update

An update is available for libsemanage. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...

AI score 6.8
Exploits 0
Amazon
added 2024/12/19 12:00 a.m., 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary. When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr...

CVSS 9.8, AI score 6.6, EPSS 0.00064
Exploits 0
OSV
added 2024/12/18 10:15 p.m., 3 views

CVE-2024-55231

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...

CVSS 4.3, AI score 5.8, EPSS 0.00082
Exploits 1, References 1
OSV
added 2024/12/18 10:15 p.m., 1 views

CVE-2024-55232

An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information...

CVSS 5.4, AI score 5.8, EPSS 0.00059
Exploits 1, References 1
NVD
added 2024/12/18 10:15 p.m., 13 views

CVE-2024-55231

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...

CVSS 4.3, EPSS 0.00082
Exploits 1, References 1
CVE
added 2024/12/18 7:20 p.m., 59 views

CVE-2024-52591

CVE-2024-52591 affects Misskey, where missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows forging of user profiles and notes across instances. The attack can impersonate both users and federated peers, with forged objects accepted as valid and full inter...

CVSS 9.3, AI score 6.5, EPSS 0.00171
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/12/18 7:20 p.m., 11 views

CVE-2024-52591 Missing validation allows spoofed profiles and notes in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

CVSS 8.8, AI score 6.8, EPSS 0.00171
Exploits 0, References 1
OSV
added 2024/12/18 7:20 p.m., 3 views

CVE-2024-52591 Missing validation allows spoofed profiles and notes in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

CVSS 8.8, AI score 6.8, EPSS 0.00171
Exploits 0, References 3
Cvelist
added 2024/12/18 7:20 p.m., 13 views

CVE-2024-52591 Missing validation allows spoofed profiles and notes in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

CVSS 8.8, EPSS 0.00171
Exploits 0, References 1
OSV
added 2024/12/18 7:17 p.m., 2 views

CVE-2024-52593 Missing validation allows spoofed "origin" links in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

CVSS 5.1, AI score 6.9, EPSS 0.00278
Exploits 0, References 3
OSV
added 2024/12/18 7:10 a.m., 476 views

BIT-GITLAB-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

CVSS 5.3, AI score 5.1, EPSS 0.00167
Exploits 1, References 3
CNNVD
added 2024/12/18 12:00 a.m., 1 views

PHPGurukul Online Notes Sharing Management System Security Vulnerability

PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...

CVSS 5.4, AI score 6.6, EPSS 0.00059
Exploits 1, References 1
Positive Technologies
added 2024/12/18 12:00 a.m., 3 views

PT-2024-36498 · Unknown · Phpgurukul Online Notes Sharing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Notes Sharing Management System version 1.0. Description: The issue is related to an IDOR vulnerability in the manage-notes.php module, which lacks authorization checks. This allows unauthorized users to delete notes belongin...

CVSS 5.4, AI score 6.7, EPSS 0.00059
Exploits 1, References 6
CNNVD
added 2024/12/18 12:00 a.m., 3 views

PHPGurukul Online Notes Sharing Management System Security Vulnerability

PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...

CVSS 4.3, AI score 6.7, EPSS 0.00082
Exploits 1, References 1
CNNVD
added 2024/12/18 12:00 a.m., 2 views

Misskey Input Validation Error Vulnerability

Misskey is a perpetually free open source federated social media platform from Misskey Open Source. An input validation error vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from a lack of validation that could allow an attacker to create fake user profiles and forged...

CVSS 9.3, AI score 6.3, EPSS 0.00171
Exploits 0, References 1
Vulnrichment
added 2024/12/18 12:00 a.m., 7 views

CVE-2024-55231

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...

AI score 6.5, EPSS 0.00082
Exploits 1, References 1