Lucene search

6667 matches found

Cvelist
added 2024/04/17 9:43 a.m. · 10 views

CVE-2024-26823 irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems. While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their GIC...

AI score: 6.7 · EPSS: 0.00018
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/17 12:0 a.m. · 3 views

PT-2024-23709 · Unknown · Phpgurukul Complaint Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Client Management System version 1.1 Description: The issue allows attackers to execute arbitrary code and obtain sensitive information via the "Search bar" in the /search-invoices.php endpoint. This is a Cross Site Scripting...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.00152
Exploits: 1 · References: 4
Zero Science Lab
added 2024/04/17 12:0 a.m. · 309 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

Summary: Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

AI score: 5.7
Exploits: 0
Zero Science Lab
added 2024/04/17 12:0 a.m. · 288 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed of a basic chassis with 4 extractable boards, which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

AI score: 5.8
Exploits: 0
Veracode
added 2024/04/16 5:25 p.m. · 17 views

Integer Overflow

GTKWave 3.3.115 is vulnerable to an Integer overflow. The vulnerability is due to not allocating enough memory to stringlens array in LXT2 numdictentries functionality. A specially crafted .lxt2 file can lead to arbitrary code execution when opened by a victim...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.00126
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2024/04/15 12:15 a.m. · 9 views

CVE-2024-29837

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00199
Exploits: 0 · References: 1
OSV
added 2024/04/15 12:15 a.m. · 0 views

CVE-2024-29837

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00227
Exploits: 0 · References: 1
Cvelist
added 2024/04/14 11:47 p.m. · 14 views

CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS: 8.8 · AI score: 9 · EPSS: 0.00199
Exploits: 0 · References: 1
CVE
added 2024/04/14 11:47 p.m. · 52 views

CVE-2024-29837

In Evolution Controller, the Web interface vulnerability CVE-2024-29837 affects Versions 2.04.560.31.03.2024 and earlier. The root cause is poor session management, enabling an unauthenticated attacker to access administrator functionality if any other user is already signed in. This is evidenced...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00199
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/04/14 12:0 a.m. · 4 views

PT-2024-23074

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.00227
Exploits: 0 · References: 5
Positive Technologies
added 2024/04/14 12:0 a.m. · 7 views

PT-2024-27714 · Unknown · Phpgurukul/Itsourcecode News Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul/itsourcecode News Portal version 4.1 Description: A critical issue has been found in the processing of the file search.php, where the manipulation of the searchtitle argument leads to SQL injection. The attack may be initiated...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.00119
Exploits: 1 · References: 10
Positive Technologies
added 2024/04/14 12:0 a.m. · 1 views

PT-2024-15226 · WordPress · Everest Backup

Name of the Vulnerable Software and Affected Versions: The Everest Backup WordPress plugin versions prior to 2.2.5 Description: The issue allows high privilege users, such as admins, to upload arbitrary files on the server, even when they should not be allowed to, for example in a multisite setup...

CVSS: 6.5 · AI score: 9.1 · EPSS: 0.00227
Exploits: 2 · References: 7
GithubExploit
added 2024/04/11 1:48 p.m. · 277 views

Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass

CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...

CVSS: 9.8 · AI score: 10 · EPSS: 0.30388
Exploits: 6
OSV
added 2024/04/10 6:21 p.m. · 4 views

OPENSUSE-SU-2024:0106-1 Security update for sngrep

This update for sngrep fixes the following issues:

- Update to version 1.8.1. Fix CVE-2024-3119: sngrep: buffer overflow due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. Fix CVE-2024-3120: sngrep: stack-buffer overflow due to inadequate bounds checking when copying 'Content-Lengt...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.03376
Exploits: 0 · References: 3
Vulnrichment
added 2024/04/10 5:8 p.m. · 13 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

AI score: 5.7 · EPSS: 0.00089
Exploits: 1 · References: 2
Cvelist
added 2024/04/10 5:8 p.m. · 17 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

AI score: 3.8 · EPSS: 0.00089
Exploits: 1 · References: 2
Talos
added 2024/04/10 12:0 a.m. · 29 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1847: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21979. Summary: An arbitrary write vulnerability exists in the Shader Functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00039
Exploits: 0
CNNVD
added 2024/04/10 12:0 a.m. · 1 views

WordPress Plugin Bold Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS: 6.4 · AI score: 5.7 · EPSS: 0.00196
Exploits: 0 · References: 3
CVE
added 2024/04/10 12:0 a.m. · 7171 views

CVE-2024-30721

CVE-2024-30721 is rejected; this candidate was withdrawn and is not an active vulnerability entry.

AI score: 6.7
Exploits: 0
Talos
added 2024/04/10 12:0 a.m. · 29 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1848: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21972. Summary: An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00039
Exploits: 0