Lucene search

3094 matches found

Cvelist
added 2024/12/18 12:00 a.m. | 14 views

CVE-2024-55231

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...

EPSS: 0.00318
Exploits: 1 | References: 1

Vulnrichment
added 2024/12/18 12:00 a.m. | 9 views

CVE-2024-55232

An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information...

AI score: 6.7 | EPSS: 0.00355
Exploits: 1 | References: 1

CVE
added 2024/12/18 12:00 a.m. | 49 views

CVE-2024-55232

CVE-2024-55232 describes an IDOR vulnerability in the PHPGurukul Online Notes Sharing Management System v1.0, specifically in the manage-notes.php module. The root cause is missing authorization checks that permit unauthorized users to delete notes belonging to other accounts. The impact, as stat...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00355
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/12/18 12:00 a.m. | 55 views

CVE-2024-55231

CVE-2024-55231 describes an IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0, caused by missing authorization checks. This allows unauthorized users to modify notes belonging to other accounts, exposing data and enabling alteration of anoth...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00318
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2024/12/16 8:30 a.m. | 3 views

CVE-2024-56120

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score: 5.3
Exploits: 0 | References: 1

OSV
added 2024/12/12 1:40 a.m. | 3 views

CVE-2024-12480

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible...

CVSS: 8.8 | AI score: 5.7
Exploits: 0 | References: 4

OSV
added 2024/12/06 3:23 p.m. | 5 views

OESA-2024-2504 golang security update

Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. CVE-2024-34156...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01127
Exploits: 0 | References: 2

NVD
added 2024/11/25 8:15 p.m. | 16 views

CVE-2024-53268

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows...

CVSS: 8.8 | EPSS: 0.00749
Exploits: 1 | References: 1

CVE
added 2024/11/25 7:22 p.m. | 59 views

CVE-2024-53268

CVE-2024-53268 affects Joplin, where openExternal is used without URI scheme filtering, enabling remote code execution on Windows environments. Affected versions are exposed through this weakness; the remediation is to upgrade to Joplin 3.0.3 or later. Some connected sources indicate a proof-of-concept exists...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00749
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2024/11/19 7:32 p.m. | 1 view

CVE-2024-53251

REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used...

AI score: 5.2
Exploits: 0 | References: 1

CNNVD
added 2024/11/19 12:00 a.m. | 2 views

WordPress plugin wp_automatic_widget cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.00302
Exploits: 0 | References: 1

Amazon
added 2024/11/14 12:00 a.m. | 4 views

Low: unbound

Issue Overview: unbound: NULL Pointer Dereference in Unbound (CVE-2024-43167); unbound: Heap-Buffer-Overflow in Unbound (CVE-2024-43168). Affected Packages: unbound. Issue Correction: Run dnf update unbound --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-760 --releasever...

CVSS: 4.8 | AI score: 6.9 | EPSS: 0.00363
Exploits: 0

OSV
added 2024/11/07 5:57 a.m. | 2 views

BELL-CVE-2024-50091

Bulletin has no description...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.002
Exploits: 0 | References: 1

OSV
added 2024/11/05 6:15 p.m. | 2 views

AZL-52511 CVE-2024-50120 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords. In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00214
Exploits: 0 | References: 1

0day.today
added 2024/10/30 12:00 a.m. | 834 views

Xerox Printers Authenticated Remote Code Execution Vulnerability

Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. Title: Authenticated Remote Code Execution. Product: Multiple Xerox printers...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.01214
Exploits: 2

UbuntuCve
added 2024/10/25 8:15 p.m. | 7 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01093
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2024/10/16 11:59 p.m. | 4 views

Malicious code in 52qr42 (npm)

Source: ghsa-malware (e559619ab6112e5213407ad80e432cfb2f9143718e79a18bf5c4f94d26ecf0d6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

Oracle
added 2024/10/15 12:00 a.m. | 115 views

Oracle Critical Patch Update Advisory - October 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS: 10 | AI score: 9 | EPSS: 0.99999
Exploits: 309 | Affected Software: 124

vulnersOsv
added 2024/10/14 8:55 p.m. | 3 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-8883 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-8883 Source advisor...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.02001
Exploits: 0

Positive Technologies
added 2024/09/26 12:00 a.m. | 2 views

PT-2024-38029

Name of the Vulnerable Software and Affected Versions Sharp NEC Projectors NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL,...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00306
Exploits: 0 | References: 7