6038 matches found
CVE-2024-28277
In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subjectname= parameter, enabling Stored Cross-Site Scripting XSS attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloa...
CVE-2024-28277
CVE-2024-28277 affects Sourcecodester School Task Manager v1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the subject_name/subject name parameter, allowing an attacker to manipulate the subject’s name and potentially execute malicious JavaScript payloads. Root cause is unvalidat...
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery CSRF - Persistent XSS Family:...
PT-2024-22375 · Unknown · Sourcecodester School Task Manager
Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: The issue is related to Cross Site Scripting XSS via the add-task.php endpoint, specifically the task name parameter. This allows for potential malicious script injection. No...
PT-2024-22376 · Unknown · Sourcecodester School Task Manager
Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: A vulnerability was identified within the subject name= parameter, enabling Stored Cross-Site Scripting XSS attacks. This issue allows attackers to manipulate the subject's name,...
CVE-2024-26517
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component...
CVE-2024-26517
CVE-2024-26517 is a SQL injection vulnerability in School Task Manager v1.0, exploitable via the delete-task.php component, allowing a remote attacker to obtain sensitive information. The linked documents consistently identify the affected software and component (School Task Manager 1.0, delete-t...
CVE-2024-26517
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component...
PT-2024-25129 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. This allows for potential exploitation. No information is provided about the...
PT-2024-40761 · Git +1 · Tinyusb
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash state involves cdc task and fuzz.cc, indicating a...
CVE-2022-48697 nvmet: fix a use-after-free
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blkmqcompleterequestremote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task...
CVE-2022-48675
CVE-2022-48675 is a Linux kernel issue in IB/core involving a nested deadlock between exiting mmap (exit_mmap/__mmu_notifier_release) and a mutex held during ib_umem_odp_map_dma_and_lock. The root cause is a potential deadlock when mmput() is called while umem_mutex is held, triggering a lock in ...
CVE-2023-38124
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
CVE-2023-38124
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
CVE-2023-38124
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
CVE-2023-38124
CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocatefra...
CVE-2024-27060 thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tbportupdatecredits Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 PF: supervisor read...
CVE-2024-26951
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via isdead instead of empty list If all peers are removed via wgpeerremoveall, rather than setting peerlist to empty, the peer is added to a temporary list with a head on the stack of...