6323 matches found
CVE-2024-0980
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...
CVE-2024-31063
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...
CVE-2024-31062
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field...
CVE-2024-23727
CVE-2024-23727 affects the YI Smart Kami Vision (com.kamivision.yismart) Android app via version 1.0.0_20231219. The vulnerability stems from allowing an implicit Android intent to WebViewActivity to execute arbitrary JavaScript code, enabling a remote attacker to run JS on the device with no us...
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.
Summary: Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8. Vulnerability Details: CVEID: CVE-2022-46337. DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...
Google Chrome Security Update (stable-channel-update-for-desktop_26-2024-03) - Mac OS X
Google Chrome is prone to multiple vulnerabilities.
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-29272
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
Ubuntu: Security Advisory (USN-6680-3)
The remote host is missing an update for the...
Tenda AC18 setSchedWifi function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from the parameter schedStartTime/schedEndTime in the setSchedWifi function of file /goform/openSchedWifi, which fails to correctly validate the...
CVE-2023-52159
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...
Design/Logic Flaw
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickleload function of the serialize.py file...
CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-28425
greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the loadobj function at /templates/pickleutils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-22396
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...