5332 matches found
CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL = R 4.2.-07P3 and = R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges...
Dell Client BIOS Improper Input validation (DSA-2024-260)
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. Note that Nessus has not tested for this issue but has instead relied only on t...
CVE-2024-42770
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signupuser.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "useremail" parameter...
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2255)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2024-42676
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload.aspx?Action=DNPageAjaxPostBack component...
CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...
Ubuntu: Security Advisory (USN-6961-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : BusyBox vulnerabilities (USN-6961-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6961-1 advisory. It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or...
CVE-2024-40500
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component...
CVE-2024-41577
CVE-2024-41577 affects productinfoquick v1.0 via the Ueditor component. The vulnerability is an arbitrary file upload that allows code execution when uploading a crafted PNG. Public documentation from multiple feeds confirms the affected software/component: productinfoquick v1.0, Ueditor, and the...
CVE-2024-34612
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code...
CVE-2024-34614
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code...
KLA71396 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service...
CVE-2024-40498
SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php...
USN-6932-1: OpenJDK 21 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 21 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...
Ubuntu: Security Advisory (USN-6929-1)
The remote host is missing an update for the...
PaperCut NG pc-web-print Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-web-print...
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...