
3094 matches found

Positive Technologies
added 2024/02/22 12:0 a.m., 2 views

PT-2024-18273 · Van Der Schaar · Van Der Schaar Lab Autoprognosis

Name of the Vulnerable Software and Affected Versions: van der Schaar LAB AutoPrognosis version 0.1.21. Description: A critical vulnerability was found in the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated...

CVSS 7.5, AI score 6.9, EPSS 0.00684
Exploits: 0, References: 7
OSV
added 2024/02/14 3:15 p.m., 3 views

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

CVSS 6.1, AI score 5.9, EPSS 0.00413
Exploits: 1, References: 1
NVD
added 2024/02/14 3:15 p.m., 14 views

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

CVSS 6.1, AI score 5.9, EPSS 0.00413
Exploits: 1, References: 1
Prion
added 2024/02/14 3:15 p.m., 62 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

CVSS 5.8, AI score 5.9, EPSS 0.00413
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/02/14 12:0 a.m., 18 views

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

AI score 6, EPSS 0.00413
Exploits: 1, References: 1
CVE
added 2024/02/14 12:0 a.m., 56 views

CVE-2024-25221

CVE-2024-25221 affects Task Manager App v1.0, where a reflected XSS can be triggered via the Note Section parameter in /TaskManager/Tasks.php. The CVE entry lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, low attack complexity, no privileges, user interaction required, an...

CVSS 6.1, AI score 5.8, EPSS 0.00413
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2024/02/08 12:0 a.m., 2 views

Number withdrawn

SourceCodester Employee Management System is a php-based website builder for employee performance management from SourceCodester, USA. The CVE number has been withdrawn...

AI score 6.9
Exploits: 0, References: 2
UbuntuCve
added 2024/02/06 9:15 a.m., 24 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service...

CVSS 5.5, AI score 6.1, EPSS 0.0049
Exploits: 0, References: 2
vulnersOsv
added 2024/02/05 7:21 p.m., 4 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24559 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24559 Source advisory: OSV:GHSA-6845-XW22-FFXV...

CVSS 5.3, AI score 6, EPSS 0.00255
Exploits: 0
hivepro
added 2024/02/01 6:30 a.m., 17 views

CherryTree Impostor Dubbed CherryLoader Makes Its Move

Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...

AI score 7.5
Exploits: 0
Cvelist
added 2024/01/29 2:44 p.m., 27 views

CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...

AI score 5, EPSS 0.00218
Exploits: 2, References: 1
OSV
added 2024/01/25 11:15 p.m., 1 views

CVE-2024-21620

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 1
NVD
added 2024/01/16 4:15 p.m., 18 views

CVE-2023-0479

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 6.1, AI score 6, EPSS 0.00516
Exploits: 2, References: 1
Prion
added 2024/01/16 4:15 p.m., 12 views

Cross site scripting

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 5.8, AI score 6, EPSS 0.00516
Exploits: 2, References: 1, Affected Software: 1
CVE
added 2024/01/16 3:55 p.m., 59 views

CVE-2023-0479

The CVE-2023-0479 entry affects the WordPress plugin Print Invoice & Delivery Notes for WooCommerce, prior to version 4.7.2. The issue is a reflected XSS vulnerability in an admin note on the WooCommerce orders page, caused by echoing a GET value after a urldecode() cleanup (post-esc_url_raw()), ...

CVSS 6.1, AI score 5.9, EPSS 0.00516
Exploits: 2, References: 1, Affected Software: 1
OSV
added 2024/01/13 1:15 a.m., 4 views

CVE-2023-50072

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...

CVSS 5.4, AI score 5.8, EPSS 0.00618
Exploits: 2, References: 1
Prion
added 2024/01/13 1:15 a.m., 17 views

Cross site scripting

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...

CVSS 4.9, AI score 4.9, EPSS 0.00618
Exploits: 2, References: 1, Affected Software: 1
Vulnrichment
added 2024/01/13 12:0 a.m., 5 views

CVE-2023-50072

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...

AI score 5.1, EPSS 0.00618
Exploits: 2, References: 1
wpexploit
added 2024/01/03 12:0 a.m., 148 views

Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. Have an administrator open the following HTML file:...

CVSS 4.3, AI score 6.8, EPSS 0.00218
Exploits: 2
Positive Technologies
added 2024/01/02 12:0 a.m., 4 views

PT-2024-15379 · Ai Magic · Ai Magic

Name of the Vulnerable Software and Affected Versions: Magic-Api versions up to 2.0.1 Description: A critical vulnerability has been found in Magic-Api, affecting an unknown functionality of the file "/resource/file/api/save?auto=1". The manipulation leads to code injection, and the attack can be...

CVSS 8.8, AI score 6.7, EPSS 0.00824
Exploits: 1, References: 9