165 matches found

NVD
added 2024/03/15 5:15 p.m., 13 views

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVSS 7.2 | AI score 5.3 | EPSS 0.00907
Exploits: 1 | References: 3

Prion
added 2024/03/04 1:15 a.m., 19 views

Sql injection

A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file viewproduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVSS 6.5 | AI score 6.9 | EPSS 0.00634
Exploits: 1 | References: 3

CVE
added 2024/01/15 5:0 p.m., 35 views

CVE-2024-0558

CVE-2024-0558 : Affected product is DedeBIZ 6.3.0. The vulnerability occurs in unknown code within the file /admin/makehtml_freelist_action.php, where manipulation of the startid parameter enables SQL injection. The issue can be exploited remotely and the exploit has been disclosed publicly; mult...

CVSS 7.2 | AI score 7.3 | EPSS 0.00592
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/01/07 4:15 p.m., 17 views

CVE-2024-0283

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file partydetails.php. The manipulation of the argument partyname leads to cross site scripting. The attack can be initiated remotely. The...

CVSS 6.1 | AI score 4.6 | EPSS 0.00554
Exploits: 1 | References: 3

Cvelist
added 2023/12/31 1:0 p.m., 23 views

CVE-2023-7186 7-card Fakabao notify.php sql injection

A vulnerability was found in 7-card Fakabao up to 1.0build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be...

CVSS 5.5 | AI score 9.1 | EPSS 0.00479
Exploits: 0 | References: 3

Prion
added 2023/12/30 4:15 p.m., 16 views

Sql injection

A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/bookadd.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be...

CVSS 5.8 | AI score 7.9 | EPSS 0.00733
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2023/12/19 9:26 p.m., 37 views

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

CVSS 5.7 | AI score 5.4 | EPSS 0.00561
Exploits: 0 | References: 3

NVD
added 2023/12/07 10:15 p.m., 19 views

CVE-2023-6581

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | EPSS 0.03968
Exploits: 1 | References: 3

RedHat Linux
added 2023/11/21 11:51 a.m., 31 views

Moderate: Red Hat Security Advisory: binutils security update

An update for binutils is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 5.5 | AI score 6.2 | EPSS 0.00437
Exploits: 1 | References: 2

Prion
added 2023/11/13 4:15 p.m., 20 views

Information disclosure

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been...

CVSS 5 | AI score 6.8 | EPSS 0.00789
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/11/13 3:31 p.m., 57 views

CVE-2023-6100

Maiwei Safety Production Control Platform 4.1 is affected via the /api/DataDictionary/GetItemList API, where manipulation can disclose information. The issue is reported as remote-exploitable with publicly disclosed exploit details. Several connected sources confirm the exact endpoint and impact,...

CVSS 5.3 | AI score 5.2 | EPSS 0.00789
Exploits: 0 | References: 2 | Affected Software: 1

Rockylinux
added 2023/11/11 10:59 p.m., 49 views

binutils security update

An update is available for binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The binutils packages provide a collection of binary utilities for the...

CVSS 5.5 | AI score 7.5 | EPSS 0.00437
Exploits: 1

OSV
added 2023/11/07 12:0 a.m., 30 views

ALSA-2023:6593 Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

CVSS 5.5 | AI score 6.7 | EPSS 0.00437
Exploits: 1 | References: 4

OSV
added 2023/11/01 12:0 a.m., 35 views

ALSA-2023:6236 Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

CVSS 5.5 | AI score 6.7 | EPSS 0.00437
Exploits: 1 | References: 4

AlmaLinux
added 2023/11/01 12:0 a.m., 36 views

Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

CVSS 5.5 | AI score 7 | EPSS 0.00437
Exploits: 1 | References: 4

CVE
added 2023/10/28 9:31 p.m., 53 views

CVE-2023-5837

CVE-2023-5837 affects AlexanderLivanov FotosCMS2 up to 2.4.3 in the Cookie Handler’s profile.php, where manipulating the username argument triggers cross-site scripting. The issue can be exploited remotely; public PoC exists per sources. Risks include unauthorized script execution in affected pag...

CVSS 6.1 | AI score 4.6 | EPSS 0.00391
Exploits: 1 | References: 3 | Affected Software: 1

Code423n4
added 2023/09/11 12:0 a.m., 7 views

delegate ID could differ from the expected order hash if the order hash was manipulated

Lines of code Vulnerability details Impact A malicious user could create an order hash that does not match the actual order data. When the delegate token is created, the actualDelegateId will be different than the requestedDelegateId calculated from the manipulated createOrderHash. But the check...

AI score 7
Exploits: 0

Cvelist
added 2023/09/01 5:31 p.m., 39 views

CVE-2023-4707 Infosoftbd Clcknshop all cross site scripting

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier...

CVSS 4 | AI score 6.2 | EPSS 0.00525
Exploits: 2 | References: 3

NVD
added 2023/08/04 4:15 p.m., 24 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

CVSS 7.9 | AI score 7.5 | EPSS 0.00763
Exploits: 0 | References: 8

NVD
added 2023/08/03 5:15 a.m., 27 views

CVE-2023-4113

A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of...

CVSS 6.1 | AI score 5.2 | EPSS 0.05177
Exploits: 4 | References: 3