CVE-2024-48204

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script...

CVE-2024-48581

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the adminclass.php component...

CVE-2024-48655

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file...

CVE-2024-48655

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file...

CVE-2024-40493

Null Pointer Dereference in coapclientexchangeblockwise2 function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes coapmsggetpayloadresp to return a null pointer, which is then...

GHSA-6C4V-X9V2-RJM8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

CVE-2024-26271

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

CVE-2024-46482

An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file...

CVE-2024-48659

DCME-320-L firmware versions prior to 9.3.2.114 are affected. The vulnerability lies in the log_u_umount.php component, allowing a remote attacker to execute arbitrary code. Impact is remote code execution with high confidentiality, integrity, and availability consequences. Exploitation details a...

CVE-2024-27766

CVE-2024-27766 describes an issue in MariaDB 11.1 where a remote attacker may execute arbitrary code via the lib_mysqludf_sys.so function. Multiple connected sources confirm remote code execution potential, but note that the MariaDB Foundation disputes the severity/privilege boundary claim, stati...

KLA74117 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Parce...

CVE-2024-48781

The CVE-2024-48781 entry concerns Wanxing Technology Yitu Project Management Kirin Edition 2.3.6. A remote attacker can trigger arbitrary code execution by supplying a specially crafted file to /opt/EdrawProj-2/plugins/imageformat. The issue is described consistently across multiple sources (NVD/...

Adobe Animate Memory Misreference Vulnerability (CNVD-2024-41261)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVE-2024-46088

CVE-2024-46088 affects Zhejiang University Entersoft Customer Resource Management System (v2002–v2024) via the ProductAction.entphone interface. The vulnerability is an arbitrary file upload that allows remote code execution. Root cause: improper file upload handling. Impact: potential full compr...

Adobe Framemaker Code Issue Vulnerability (CNVD-2024-40916)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A code issue vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : libgsf vulnerabilities (USN-7062-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7062-1 advisory. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were...

CVE-2024-34668

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...