6323 matches found
CVE-2024-30886
A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...
CVE-2024-31666
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the editaddonpost.php component...
CVE-2024-29661
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload...
CVE-2024-27975
A use-after-free vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-25000
A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-24994
CVE-2024-24994 describes a path traversal vulnerability in the web component of Ivanti Avalanche prior to version 6.4.3. An authenticated remote attacker can exploit this to execute arbitrary commands as SYSTEM. The issue is the result of improper path validation and restricted directory enforcem...
CVE-2024-27975
CVE-2024-27975: Ivanti Avalanche’s WLAvalancheService (on Ivanti Avalanche before 6.4.3) suffers a use-after-free that can allow a remote authenticated attacker to execute arbitrary commands as SYSTEM. The vulnerability enables remote code execution and is associated with the service listening b...
CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2023-50009
FFmpeg vulnerability CVE-2023-50009: a heap-based buffer overflow is triggered in the ff_gaussian_blur_8 function (libavfilter/edge_template.c:116:5) on FFmpeg v.n6.1-3-g466799d4f5. The issue is locally exploitable (LOCAL attack vector, no user interaction) with high impact (I/H; A high), as desc...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...
ROS-20240418-08
A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-28556
SQL injection vulnerability in Sourcecodester PHP Task Management System v1.0 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to admin-manage-user.php...
CVE-2024-28558
SQL injection vulnerability in Sourcecodester Petrol Pump Management Software v1.0 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to admin/app/webcrud.php...
CVE-2020-22539
CVE-2020-22539: An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code by uploading a crafted file. Multiple sources (NVD, Red Hat, CNNVD, CVE lists, PT Security) confirm the issue and affected product/version. The primary...
QEMU Resource Management Error Vulnerability (CNVD-2024-20282)
QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. A resource management error vulnerability exists in QEMU virtio, which stems from a double-release vulnerability in virtio-gpu, virtio-serial-bus, and virtio-crypto, with an insufficient...
CVE-2024-30729
This CVE entry is rejected/not used and does not represent an active vulnerability entry.