
2154 matches found

Cvelist
added 2024/10/10 9:57 a.m., 11 views

CVE-2024-45131 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...

CVSS 5.4, EPSS 0.0044
Exploits 0, References 1

GithubExploit
added 2024/10/08 10:4 a.m., 333 views

Exploit for Command Injection in Avtech Avm1203_Firmware

EN GenAvTechRCEExploit A PoC exploit for the CVE-2024-7029...

CVSS 9.8, AI score 9.8, EPSS 0.38998
Exploits 5

OSV
added 2024/10/03 8:2 a.m., 5 views

MAL-2024-9079 Malicious code in interactive-app (npm)

Source: ghsa-malware (eca3bcc821732a02b79cfd930582365b504c50377f31d23b6f2320ebb784914a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

Fedora
added 2024/09/22 2:21 a.m., 23 views

[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 7.6, AI score 7.6, EPSS 0.00373
Exploits 0

Fedora
added 2024/09/22 12:15 a.m., 13 views

[SECURITY] Fedora 41 Update: python-notebook-7.2.2-1.fc41

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 7.6, AI score 7.6, EPSS 0.00373
Exploits 0

Tenable Nessus
added 2024/09/20 12:0 a.m., 19 views

Fedora 40 : python3.8 (2024-6dedbc5cf9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6dedbc5cf9 advisory. This is a security release of Python 3.11. Note: The release you're looking at is Python 3.11.10, a securit...

CVSS 9.8, AI score 7.2, EPSS 0.02507
Exploits 5, References 12

GithubExploit
added 2024/09/08 8:56 a.m., 281 views

Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware

🚀 CVE-2024-29269 Exploit This repository contains an exploit...

CVSS 8.8, AI score 7.7, EPSS 0.05896
Exploits 8

GithubExploit
added 2024/09/06 6:17 p.m., 797 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

😈 SPIP BigUp Unauthenticated RCE Exploit 😈 📜 Description...

CVSS 9.8, AI score 10, EPSS 0.94618
Exploits 7

Cvelist
added 2024/08/29 3:30 a.m., 25 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

CVSS 5.3, EPSS 0.00317
Exploits 0, References 2

CVE
added 2024/08/29 3:30 a.m., 54 views

CVE-2024-5857

CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...

CVSS 5.3, AI score 5.6, EPSS 0.00317
Exploits 0, References 2, Affected Software 1

OSV
added 2024/08/25 10:15 p.m., 2 views

CVE-2024-8151

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.4, AI score 3.8
Exploits 0, References 5

NVD
added 2024/08/25 10:15 p.m., 23 views

CVE-2024-8151

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.4, EPSS 0.00491
Exploits 1, References 5

Vulnrichment
added 2024/08/25 10:0 p.m., 11 views

CVE-2024-8151 SourceCodester Interactive Map with Marker delete-mark.php cross site scripting

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.3, AI score 6.2, EPSS 0.00491
Exploits 1, References 5

CVE
added 2024/08/25 10:0 p.m., 49 views

CVE-2024-8151

CVE-2024-8151 affects SourceCodester Interactive Map with Marker 1.0. The vulnerability is a cross-site scripting in the mark parameter of /endpoint/delete-mark.php, exploitable remotely. Root cause is input manipulation of mark leading to XSS. Exploitation details are disclosed publicly in relat...

CVSS 5.4, AI score 3.8, EPSS 0.00491
Exploits 1, References 5, Affected Software 1

Cvelist
added 2024/08/25 10:0 p.m., 25 views

CVE-2024-8151 SourceCodester Interactive Map with Marker delete-mark.php cross site scripting

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.3, EPSS 0.00491
Exploits 1, References 5

CNNVD
added 2024/08/25 12:0 a.m., 2 views

SourceCodester Interactive Map with Marker cross-site scripting vulnerability

SourceCodester Interactive Map with Marker is an interactive map application with markers from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Interactive Map with Marker version 1.0, which stems from a cross-site scripting vulnerability in the mark parameter of the...

CVSS 5.4, AI score 4.5, EPSS 0.00491
Exploits 1, References 6

OSV
added 2024/08/21 2:30 p.m., 18 views

GO-2023-2097 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve

Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve...

CVSS 7.5, AI score 7.4, EPSS 0.0089
Exploits 1, References 5

NVD
added 2024/08/15 9:15 p.m., 15 views

CVE-2024-6456

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5, EPSS 0.00423
Exploits 0, References 1

Cvelist
added 2024/08/15 8:10 p.m., 19 views

CVE-2024-6456 SQL Injection vulnerability in AVEVA Historian Server

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5, EPSS 0.00423
Exploits 0, References 1

Vulnrichment
added 2024/08/15 8:10 p.m., 14 views

CVE-2024-6456 SQL Injection vulnerability in AVEVA Historian Server

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5, AI score 7.8, EPSS 0.00423
Exploits 0, References 1