CVE-2024-41435

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter...

FeehiCMS User[avatar] unrestricted upload

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

GHSA-XP68-7G33-F49M FeehiCMS User[avatar] unrestricted upload

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

SUSE CVE-2024-44939

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry syzbot reported general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...

UBUNTU-CVE-2024-44939

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry syzbot reported general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...

SUSE CVE-2023-52900

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

DEBIAN-CVE-2023-52900

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

UBUNTU-CVE-2023-52900

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

CVE-2024-42570

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php...

PT-2024-30031 · Unknown · School Management System

Name of the Vulnerable Software and Affected Versions: School Management System affected versions not specified Description: A SQL injection issue was found in the School Management System via the medium parameter at the "admininsert.php" endpoint. This allows for potential exploitation. No...

School-Management-System 安全漏洞

School-Management-System is a school management system by the individual developer Jyothi Babu Araja. A security vulnerability exists in School-Management-System due to an SQL injection vulnerability in the medium parameter of the admininsert.php page...

PT-2024-11506 · WordPress · Adrotate Banner Manager

Name of the Vulnerable Software and Affected Versions: The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress versions up to, and including, 5.13.2 Description: The issue is related to arbitrary file uploads due to missing file extension sanitization in the adrotate...

PT-2024-30032 · Unknown · School Management System

Name of the Vulnerable Software and Affected Versions: School Management System affected versions not specified Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the medium parameter at the "insertattendance.php" endpoint. Recommendations:...

CVE-2024-43275

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE...

CVE-2024-43275

The CVE-2024-43275 entry maps to a CSRF vulnerability in the WordPress plugin “Insert PHP Code Snippet” (versions

CVE-2024-7420

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactiva...

WordPress plugin Insert PHP Code Snippet 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Insert PHP Code Snippet Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Insert PHP Code Snippet Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43275 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6953adb666a Credits Rafie...

CVE-2024-7635

A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been classified as critical. Affected is an unknown function of the file registerinsert.php of the component Registration Handler. The manipulation of the argument name/email/dob/password/Gender/phone leads to sql...

PT-2024-6828 · Sap · Sap Shared Service Framework

Name of the Vulnerable Software and Affected Versions: SAP Shared Service Framework affected versions not specified Description: The issue is related to insufficient authorization procedures in the SAP Shared Service Framework, allowing a remote attacker to elevate their privileges. An...