864 matches found

Positive Technologies
added 2025/01/28 12:0 a.m. · 4 views

PT-2025-4051 · Unknown · Esafenet Cdg V5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A critical issue has been found in ESAFENET CDG V5, affecting some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the flowId argument leads to SQL injection. The attack may be initiated...

9.8 CVSS · 6.8 AI score · 0.00048 EPSS
Exploits 1 · References 10
Ubuntu
added 2025/01/27 2:24 p.m. · 152 views

USN-7228-1: LibreOffice vulnerabilities

Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...

6.7 CVSS · 5.5 AI score · 0.00663 EPSS
Exploits 0
OSV
added 2025/01/15 8:15 p.m. · 1 views

DEBIAN-CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.8 CVSS · 8.2 AI score · 0.00048 EPSS
Exploits 0 · References 1
OSV
added 2025/01/15 8:15 p.m. · 0 views

UBUNTU-CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.8 CVSS · 7.5 AI score · 0.00048 EPSS
Exploits 0 · References 3
CVE
added 2024/12/30 3:0 a.m. · 49 views

CVE-2024-13036

CVE-2024-13036: Affects code-projects Chat System 1.0. The vulnerability lies in /admin/update_room.php where manipulation of the id/name/password parameters enables SQL injection due to insufficient input validation. The attack can be initiated remotely and an exploit has been disclosed publicly...

7.5 CVSS · 6.8 AI score · 0.00057 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/12/26 12:0 a.m. · 1 views

The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory when processing WRL files. Exploiting this vulnerability could allow an attacker to...

7.8 CVSS · 6.3 AI score · 0.00128 EPSS
Exploits 0 · References 3 · Affected Software 2
CVE
added 2024/11/27 12:0 a.m. · 51 views

CVE-2024-11820

CVE-2024-11820 affects the open-source project Code-Projects Crud Operation System 1.0. The vulnerability is a cross-site scripting (XSS) flaw in the handling of the saddress parameter of the file /add.php. The root cause is indicated as the manipulation of this argument leading to XSS. The iss...

5.4 CVSS · 3.8 AI score · 0.00129 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/11/26 8:15 p.m. · 12 views

CVE-2024-11742

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=savetenant. The manipulation of the argument lastname/firstname/middlename leads to cross...

5.4 CVSS · 0.00106 EPSS
Exploits 1 · References 5
CNNVD
added 2024/11/22 12:0 a.m. · 3 views

Hugging Face Transformers code issue vulnerability

Hugging Face Transformers is advanced natural language processing built for Jax, PyTorch and TensorFlow. A code issue vulnerability exists in Hugging Face Transformers that stems from improper data validation in model file processing, which could lead to untrusted data deserialization and allow a...

8.8 CVSS · 8.9 AI score · 0.65048 EPSS
Exploits 1 · References 2
CVE
added 2024/11/15 7:31 p.m. · 47 views

CVE-2024-11256

CVE-2024-11256 details (NORMAL): Affects 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is a SQL injection in the login.php flow caused by unsafely handling the username parameter, enabling remote abuse. Descriptions consistently classify this as critical with potential rem...

9.8 CVSS · 7.7 AI score · 0.00197 EPSS
Exploits 1 · References 5 · Affected Software 1
RedHat Linux
added 2024/11/14 12:2 p.m. · 1 views

webkitgtk: Processing a file may lead to unexpected app termination or arbitrary code execution

A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks...

7.8 CVSS · 6.2 AI score · 0.00048 EPSS
Exploits 0 · References 12
Tenable Nessus
added 2024/11/14 12:0 a.m. · 16 views

Fedora 37 : nginx (2022-12721789aa)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-12721789aa advisory. Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, o...

7.8 CVSS · 7.5 AI score · 0.00828 EPSS
Exploits 2 · References 3
CVE
added 2024/11/11 2:31 p.m. · 46 views

CVE-2024-11070

CVE-2024-11070 affects Sanluan PublicCMS 5.202406.d. The issue is a cross-site scripting vulnerability in the Tag Type Handler, specifically in the /admin/cmsTagType/save endpoint where manipulation of the argument name enables XSS. The vulnerability can be triggered remotely and the exploit has ...

5.4 CVSS · 4 AI score · 0.00127 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2024/11/05 1:31 a.m. · 45 views

CVE-2024-10809

CVE-2024-10809 impacts the Code-Projects E-Health Care System v1.0. The vulnerability lies in the web endpoint /Doctor/chat.php, where manipulating the parameters name (and by indication, also message) enables an SQL injection. This remote-access issue is described across multiple sources (NVD, ...

7.5 CVSS · 6.9 AI score · 0.00062 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/11/03 9:15 a.m. · 8 views

CVE-2024-10730

A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/webshow.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been...

9.8 CVSS · 0.00244 EPSS
Exploits 1 · References 4
CVE
added 2024/11/01 3:31 a.m. · 52 views

CVE-2024-10618

CVE-2024-10618 affects Tongda OA 2017 up to 11.10. The vulnerability is a SQL injection in the repid parameter of /pda/reportshop/record_detail.php, exploitable remotely. Public exploit disclosure is noted. Connected sources (Red Hat/CVE lists, CNNVD, PT-Security, and Vuldb) consistently describe...

9.8 CVSS · 7 AI score · 0.00097 EPSS
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2024/10/28 9:8 p.m. · 10 views

CVE-2024-44144

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination...

6.3 AI score · 0.00026 EPSS
Exploits 0 · References 7
Cvelist
added 2024/10/28 9:7 p.m. · 12 views

CVE-2024-44218

This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption...

0.00023 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/10/28 1:13 a.m. · 0 views

webkitgtk: Processing a file may lead to unexpected app termination or arbitrary code execution

A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks...

7.8 CVSS · 6.2 AI score · 0.00048 EPSS
Exploits 0 · References 12
CVE
added 2024/10/27 12:31 p.m. · 50 views

CVE-2024-10416

The CVE-2024-10416 vulnerability affects Code-Projects Blood Bank Management System 1.0, in the processing of /file/cancel.php. The root cause is improper handling of the reqid parameter, leading to SQL injection. Exploitation can be remote, and public disclosure exists. No patch/version details ...

8.8 CVSS · 7.1 AI score · 0.00097 EPSS
Exploits 1 · References 5 · Affected Software 1