6038 matches found
Campcodes Complete Web-Based School Management System 跨站脚本漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from a cross-site scripting vulnerability in...
CVE-2023-50718 NocoDB SQL Injection vulnerability
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....
PT-2024-26118 · Unknown · Createwiki
Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...
CVE-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
CVE-2024-4317
Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...
PT-2024-32263 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown function of the file /view/create events.php. The manipulation of the my index argument leads to...
PT-2024-28069
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description The issue is related to the net/mlx5 component of the Linux kernel, where a timeout has been added to acquire the command queue semaphore. This change prevents forced completion handling on an...
DEBIAN-CVE-2024-34490
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...
CVE-2023-41184
TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerabilit...
CVE-2023-40505
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...
SUSE CVE-2024-26954
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smbstrndupfromutf16 If -NameOffset of smb2createreq is smaller than Buffer offset of smb2createreq, slab-out-of-bounds read can happen from smb2open. This patch set the minimum value of the name...
SUSE CVE-2024-26986
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in createprocess failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress...
CVE-2024-33305
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "Middle Name" parameter in Create User...
WordPress plugin Ivory Search 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin
Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8 Description: The issue is related to unauthorized access of data due to a missing capability check on the ays poll create author function. This allows...
CVE-2024-33305
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "Middle Name" parameter in Create User...
CVE-2024-33305
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "Middle Name" parameter in Create User...
PT-2024-25195 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the Middle Name parameter in the Create User function. This allows for potential malicious script injection...
CVE-2024-33305
SourceCodester Laboratory Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability via the Middle Name parameter in Create User. The issue is documented across multiple sources, with CVE-2024-33305 noting an XSS path and a CVSS v3.1 base score of 6.1 (Network attack vector,...
CVE-2024-33306
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting XSS via "First Name" parameter in Create User...