5334 matches found

Cvelist
added 2024/02/28 12:0 a.m., 11 views

CVE-2024-27516

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhcweb/modules/lhfaq/faqweight.php...

7.8 AI score, 0.03183 EPSS
Exploits: 0, References: 2
Prion
added 2024/02/27 2:15 a.m., 24 views

SQL injection

SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script...

8.6 AI score, 0.01146 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2024/02/27 12:0 a.m., 45 views

MikroTik RouterOs Out-of-bounds Read (CVE-2022-45313)

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

8.8 CVSS, 8.3 AI score, 0.13506 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2024/02/27 12:0 a.m., 9 views

CVE-2023-41506

An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.8 AI score, 0.00119 EPSS
Exploits: 0, References: 1
NVD
added 2024/02/26 4:27 p.m., 8 views

CVE-2024-1885

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage...

9.8 CVSS, 6.8 AI score, 0.01608 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/02/22 2:23 a.m., 16 views

CVE-2024-23125 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file, when parsed by ODXSWDLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8 CVSS, 7.2 AI score, 0.00054 EPSS
Exploits: 0, References: 1
Prion
added 2024/02/22 2:15 a.m., 16 views

Out-of-bounds

A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

7.4 AI score, 0.00429 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/02/22 12:0 a.m., 24 views

CVE-2024-26483

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file...

7.6 AI score, 0.00157 EPSS
Exploits: 1, References: 2
OpenVAS
added 2024/02/22 12:0 a.m., 53 views

Ubuntu: Security Advisory (USN-6648-1)

The remote host is missing an update for the...

7.8 CVSS, 6.9 AI score, 0.00073 EPSS
Exploits: 0, References: 2
OpenVAS
added 2024/02/22 12:0 a.m., 28 views

Ubuntu: Security Advisory (USN-6584-2)

The remote host is missing an update for the...

9.8 CVSS, 9.6 AI score, 0.01346 EPSS
Exploits: 2, References: 2
Prion
added 2024/02/21 9:15 p.m., 11 views

SQL injection

SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in exportskos.php...

9 AI score, 0.00198 EPSS
Exploits: 1, References: 1
Ubuntu
added 2024/02/21 10:40 a.m., 33 views

USN-6584-2: Libspf2 vulnerabilities

USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. We apologize for the inconvenience. Original advisory details: Philipp Jeitner and Haya Shulman discovered...

9.8 CVSS, 8.4 AI score, 0.01346 EPSS
Exploits: 2
Cvelist
added 2024/02/21 12:0 a.m., 14 views

CVE-2024-25249

An issue in He3 App for macOS version 2.0.17 allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings...

7.9 AI score, 0.02401 EPSS
Exploits: 0, References: 3
Zero Day Initiative
added 2024/02/21 12:0 a.m., 24 views

Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8 CVSS, 7.5 AI score, 0.00109 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/02/20 12:0 a.m., 13 views

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

7.8 AI score, 0.00243 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/02/20 12:0 a.m., 14 views

CVE-2024-22824

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component...

7.8 AI score, 0.03561 EPSS
Exploits: 1, References: 1
Kaspersky
added 2024/02/20 12:0 a.m., 23 views

KLA64089 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of...

8.1 CVSS, 9.4 AI score, 0.0073 EPSS
Exploits: 1, References: 3
IBM Security Bulletins
added 2024/02/19 11:3 a.m., 33 views

Security Bulletin: IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133

Summary: IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-45133. DESCRIPTION: Babel could allow a local attacker to execute arbitrary cod...

9.3 CVSS, 8.8 AI score, 0.00093 EPSS
Exploits: 0, Affected Software: 1
CNVD
added 2024/02/19 12:0 a.m., 7 views

SAP ABA Code Injection Vulnerability

SAP ABA Application Basis is an application transaction management system developed by SAP. A code injection vulnerability exists in the SAP ABA Application Basis interface, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the...

9.1 CVSS, 7.9 AI score, 0.03068 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/02/17 12:0 a.m., 11 views

CVE-2024-25298

An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php...

7.5 AI score, 0.00267 EPSS
Exploits: 1, References: 1