Ubuntu: Security Advisory (USN-7667-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:2875-1)
The remote host is missing an update for the...
CVE-2024-30525
Technical details about CVE-2024-30525 are not provided in the supplied documents. Public information on affected versions and impact is not confirmed here; monitor for official advisories from vendors and CVE databases.
CVE-2024-37057
MLflow vulnerability CVE-2024-37057 affects MLflow platform versions 2.0.0rc0 and later, where deserialization of untrusted data can occur during interaction with a maliciously uploaded TensorFlow model, allowing arbitrary code execution on an end user’s system. The issue is tied to how MLflow lo...
CVE-2024-2382
CVE-2024-2382 affects the Authorize.net Payment Gateway For WooCommerce plugin for WordPress. The root cause is that the plugin does not properly verify the authenticity of the request that updates an order’s payment status, enabling an unauthenticated attacker to set the status to paid and bypas...
CVE-2024-36568
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. The root cause is unsanitized input in the id parameter, enabling attackers to manipulate queries. This vulnerability is rated critical (CVSS 3.1: 9.8) with potential impact on confiden...
CVE-2024-35635
CVE-2024-35635 is a Server-Side Request Forgery (SSRF) vulnerability in Ninja Tables by WPManageNinja LLC, affecting Ninja Tables versions up to and including 5.0.9. The issue has been fixed in version 5.0.10. Public sources (Patchstack) identify the affected plugin as vulnerable to SSRF with a l...
CVE-2024-29824
CVE-2024-29824 affects Ivanti Endpoint Manager (EPM) Core server. A SQL injection in the RecordGoodApp flow (via unsanitized md5 in ReportedGoodApps handling) allows an unauthenticated attacker on the same network to execute arbitrary code, enabling unauthenticated remote code execution. Vulnera...
CVE-2024-35140
CVE-2024-35140 affects IBM Security Verify Access Docker versions 10.0.0–10.0.6. The root cause is improper certificate validation that could allow a local user to escalate privileges. The IBM PSIRT and related advisories indicate a fix released with 10.0.7 (and ISVA 10.0.7-ISS-ISVA-FP0000 for 10...
CVE-2022-25038
CVE-2022-25038 concerns wanEditor up to version 4.7.11, where a cross-site scripting (XSS) vulnerability is triggered via the video upload function. The CVSS 3.1 base score is 6.1 (MEDIUM) with network attack, low attack complexity, and user interaction required. Affected component: wanEditor vid...
CVE-2023-35949
CVE-2023-35949 affects libigl v2.4.0. The vulnerability lies in the readOFF.cpp code path that parses OFF files; a specially crafted .off file can trigger a stack-based buffer overflow. This can lead to arbitrary code execution within the vulnerable process. Connected sources corroborate the same...
CVE-2024-35085
CVE-2024-35085 affects J2EEFAST v2.7.0; a SQL injection exists in the findPage function of ProcessDefinitionMapper.xml due to insufficient input validation. Exploitation could allow an attacker to execute arbitrary SQL to access data, per multiple sources (CNVD/CNNVD, Red Hat, NVD). There is no c...
CVE-2024-33936
CVE-2024-33936 is a Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Print-O-Matic for WordPress, affecting Print-O-Matic: from n/a through 2.1.10. The issue arises from improper input neutralization during web page generation. No exploits or vectors are provided in the documents. ...
CVE-2024-29987
Microsoft Edge (Chromium-based) has a documented information disclosure vulnerability associated with CVE-2024-29987. Publicly reported details indicate the issue affects Edge’s Chromium-based browser and can enable an attacker to obtain sensitive information. Several connected sources reference ...
CVE-2024-29045
CVE-2024-29045 is a remote code execution vulnerability in the Microsoft OLE DB Driver for SQL Server. Exploitation is network-based with no privileges required and user interaction needed (per CVSS: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue affects the OLE DB Driver for SQL Server and is a...
Heap overflow
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitra...
SQL injection
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter...
Spoofing
Dynamics 365 Field Service Spoofing Vulnerability...
Information disclosure
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on macOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
Cross-site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role...