CVE-2024-32892

In handleinit of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32869

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...

CVE-2024-34246

wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c...

CVE-2023-3097

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public...

CVE-2023-22735

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

CVE-2023-42807

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app...

CVE-2023-23019

Cross site scripting XSS vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function useradd....

CVE-2023-1556

A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file summaryresults.php. The manipulation of the argument maineventid leads to sql injection. The attack can be launched...

CVE-2023-1575

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2022-41522

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function...

CVE-2022-41434

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /lilac/main.php...

CVE-2022-39270

DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...

CVE-2021-39689

In multiple functions of odsignmain.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-35275

Coastercms v5.8.18 is affected by cross-site Scripting XSS. A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application...

CVE-2020-20665

rudp v0.6 was discovered to contain a memory leak in the component main.c...

CVE-2015-10028

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...

grpo-flat 代码问题漏洞

grpo-flat is a tool for training grpo using zero dataset and low resources by XU-YIJIE personal developer. A code issue vulnerability exists in grpo-flat that stems from improper handling of the function main in the file grpovanilla.py, which could lead to a deserialization attack...

The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router microprogramming software, allowing a hacker to execute any command they desire.

The vulnerability of the ssdpcgimain function in the binary file cgibin of D-Link DIR-815 router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

itsourcecode Content Management System 安全漏洞

itsourcecode Content Management System is a content management system of itsourcecode open source. A security vulnerability exists in version 1.0 of itsourcecode Content Management System, which originates from improper manipulation of the parameter stopicid in the file...

UBUNTU-CVE-2024-58100

In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the...