CVE-2024-12883
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The...
Exploit for Path Traversal in Ghost
CVE-2023-4002 Ghost-Arbitrary-File-Read : The username/email...
CVE-2024-12845
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
CVE-2022-40732
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...
Reolink Multiple IP Cameras OS Command Injection Vulnerability
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...
CVE-2024-9819 IDOR in NextGEO's NG Analyser
Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711...
CVE-2024-9819
CVE-2024-9819 affects NextGeography NG Analyser. Affects NG Analyser prior to version 2.2.711 due to an Authorization Bypass via a user-controlled key, allowing misuse of functionality. Mitigation: upgrade to NG Analyser 2.2.711 or later. The issue is identified with CVSS3.1 metrics (Network atta...
CVE-2024-55496
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of addcompany.php. Actions on the delete parameter result in SQL injection...
CVE-2024-54417 WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PixProof: from n/a through = 2.0.1...
PT-2024-36318 · Unknown · Aphorismus
Name of the Vulnerable Software and Affected Versions: Aphorismus versions 1.2.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
OSV-2024-1372 Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=383595860 Crash type: Bad-cast Crash state: Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess CallbackToLogRedirector Assimp::DefaultLogger::WriteToStreams...
CVE-2023-41133 WordPress Secure Admin IP plugin <= 2.0 - IP Spoofing vulnerability
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0...
GO-2024-3205 Infinite loop in github.com/gomarkdown/markdown
Infinite loop in github.com/gomarkdown/markdown...
Important: Red Hat Enhancement Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.0
Errata Advisory for Red Hat OpenShift GitOps v1.15.0. In the upcoming release of Red Hat OpenShift GitOps 1.15, several key components are being upgraded to enhance functionality and performance...