
864 matches found

OSV
added 2024/05/15 8:45 p.m. · 7 views

GHSA-98H9-727M-44QV Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library Archive_Tar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

8.1 CVSS · 7.5 AI score
Exploits 0 · References 3
NVD
added 2024/05/14 3:44 p.m. · 7 views

CVE-2024-4801

A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submitnewfaculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been...

8.8 CVSS · 6.8 AI score · 0.00221 EPSS
Exploits 1 · References 4
NVD
added 2024/05/14 3:13 p.m. · 14 views

CVE-2024-27829

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.8 CVSS · 5.5 AI score · 0.00282 EPSS
Exploits 0 · References 4
OSV
added 2024/05/14 3:13 p.m. · 3 views

CVE-2024-27829

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.8 CVSS · 6 AI score · 0.00282 EPSS
Exploits 0 · References 3
Cvelist
added 2024/05/13 11:0 p.m. · 18 views

CVE-2024-27829

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

5.8 AI score · 0.00282 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/05/13 11:0 p.m. · 16 views

CVE-2024-27829

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.1 AI score · 0.00282 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/13 12:0 a.m. · 2 views

PT-2024-22069 · Apple · Macos Monterey +7

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.6.7; macOS Monterey versions prior to 12.7.5; iOS versions prior to 16.7.8; iPadOS versions prior to 16.7.8; tvOS versions prior to 17.5; visionOS versions prior to 1.2; iOS versions prior to 17.5; iPadOS versions...

7.8 CVSS · 8.4 AI score · 0.00074 EPSS
Exploits 0 · References 24
CVE
added 2024/05/10 2:0 p.m. · 32 views

CVE-2024-4717

CVE-2024-4717 affects Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting vulnerability arises from manipulating the name parameter in /model/update_classroom.php, exploitable remotely. The issue is triggered by improper handling of the argument name, enabling user-c...

6.1 CVSS · 6.2 AI score · 0.00148 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/05/08 1:15 p.m. · 9 views

CVE-2024-4645

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtoldpassword/txtnewpassword/txtconfirmpassword leads to cross site scripting...

5.4 CVSS · 3.8 AI score · 0.00167 EPSS
Exploits 1 · References 4
CVE
added 2024/05/08 12:31 p.m. · 64 views

CVE-2024-4645

The CVE-2024-4645 entry concerns SourceCodester Prison Management System 1.0. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability in /Admin/changepassword.php, triggered by manipulating the txtold_password, txtnew_password, and txtconfirm_password fields. The issue is tr...

5.4 CVSS · 6.2 AI score · 0.00167 EPSS
Exploits 1 · References 4 · Affected Software 1
CVE
added 2024/05/07 2:0 p.m. · 68 views

CVE-2024-4593

CVE-2024-4593 concerns DedeCMS 5.7, where the vulnerability lies in the file /src/dede/sys_multiserv.php. The issue is described as a cross‑site request forgery (CSRF) that can be triggered remotely, with the exploit publicly disclosed. Several connected sources consistently identify the affected...

5 CVSS · 6.6 AI score · 0.00138 EPSS
Exploits 1 · References 4 · Affected Software 1
CVE
added 2024/05/06 6:0 a.m. · 64 views

CVE-2024-4526

CVE-2024-4526 affects Campcodes Complete Web-Based School Management System 1.0. The issue is a cross-site scripting vulnerability in the month parameter of /view/student_payment_details3.php. Attack could be initiated remotely and the exploit has been publicly disclosed. Multiple connected sourc...

6.1 CVSS · 6.2 AI score · 0.00069 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/04/22 9:25 a.m. · 2 views

USN-6744-1 pillow vulnerability

Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a deni...

6.7 CVSS · 6.9 AI score · 0.00354 EPSS
Exploits 0 · References 2
NVD
added 2024/04/22 2:15 a.m. · 12 views

CVE-2018-25101

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2" leads to cross site scripting. The...

4 CVSS · 3.8 AI score · 0.00144 EPSS
Exploits 0 · References 3
NVD
added 2024/04/13 12:15 p.m. · 21 views

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely...

6.5 CVSS · 6.9 AI score · 0.76753 EPSS
Exploits 0 · References 4
Cvelist
added 2024/04/13 12:0 p.m. · 21 views

CVE-2024-3721 TBK DVR-4104/DVR-4216 os command injection

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely...

6.5 CVSS · 7.1 AI score · 0.76753 EPSS
Exploits 0 · References 4
CVE
added 2024/04/11 2:0 a.m. · 62 views

CVE-2024-3617

Summary of CVE-2024-3617: A SQL injection vulnerability affects SourceCodester Kortex Lite Advocate Office Management System 1.0, specifically in the file /control/deactivate_case.php where manipulating the argument id enables injection. The issue is exploitable remotely over the network with li...

7.2 CVSS · 7.3 AI score · 0.00171 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/04/10 12:15 a.m. · 9 views

CVE-2024-3524

A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotel...

5.4 CVSS · 3.8 AI score · 0.00164 EPSS
Exploits 1 · References 4
NVD
added 2024/04/07 11:15 p.m. · 6 views

CVE-2024-3432

A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument eventid/fullname/email/mobile/college/branch leads to sql injection. The attack may be...

8.8 CVSS · 5.9 AI score · 0.00097 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2024/04/04 12:0 a.m. · 1 views

The vulnerabilities of the LoadIndexFile() and DownloadIndexFile() functions in the repo package, as well as the LoadDir() function in the plugin package of the Kubernetes Helm package manager, allow a malicious actor to cause service interruptions.

The vulnerability of the LoadIndexFile and DownloadIndexFile functions in the repo package, as well as the LoadDir function in the plugin package of the Kubernetes Helm package manager, is related to the use of uninitialized variables during the processing of index.yaml and plugin.yaml files...

7.8 CVSS · 7.2 AI score · 0.00294 EPSS
Exploits 0 · References 3 · Affected Software 1