22 matches found
CVE-2024-7456 SQL Injection in lunary-ai/lunary
A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...
CVE-2024-7456
The CVE-2024-7456 issue affects lunary-ai/lunary v1.4.2, where the /api/v1/external-users route constructs an ORDER BY clause using sql.unsafe without server-side sanitization, enabling SQL injection. Impact per sources: potential complete data loss/modification/corruption. Public details across ...
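The two entries above describe the same bug class: a sort field and direction taken from the request are spliced into ORDER BY through the client's raw-SQL escape hatch. The following is an added example, not lunary's code and not postgres.js; `sqlUnsafe`, the `external_user` table, the column names and the attacker input are all constructed for illustration. It shows the unvalidated builder passing an injected ORDER BY expression through untouched, beside an allow-list builder that rejects anything other than a known column and direction before any SQL text is assembled.

```javascript
// Added example (not lunary's code). A minimal stand-in for a raw-SQL escape
// hatch such as postgres.js's sql.unsafe: the fragment becomes query text verbatim.
function sqlUnsafe(fragment) {
  return fragment;
}

// Hypothetical column allow-list for the table being sorted.
const ALLOWED_SORT_COLUMNS = new Set(["id", "created_at", "last_seen", "external_id"]);
const ALLOWED_DIRECTIONS = new Set(["asc", "desc"]);

// Vulnerable pattern: request values are concatenated into ORDER BY with no
// validation, so any SQL expression the client sends ends up in the query.
function buildQueryVulnerable(query) {
  const orderByClause = `${query.sortField} ${query.sortDirection}`;
  return `SELECT * FROM external_user ORDER BY ${sqlUnsafe(orderByClause)}`;
}

// Hardened pattern: identifiers are matched against an allow-list and quoted;
// anything else is rejected before the query string exists.
function buildQuerySafe(query) {
  const field = String(query.sortField ?? "id").toLowerCase();
  const direction = String(query.sortDirection ?? "asc").toLowerCase();
  if (!ALLOWED_SORT_COLUMNS.has(field)) {
    throw new Error(`invalid sort field: ${field}`);
  }
  if (!ALLOWED_DIRECTIONS.has(direction)) {
    throw new Error(`invalid sort direction: ${direction}`);
  }
  // Double-quoting the column name keeps it an identifier, never an expression.
  return `SELECT * FROM external_user ORDER BY "${field}" ${direction.toUpperCase()}`;
}

// Constructed inputs: a benign sort request and an ORDER BY injection probe
// (a subquery appended as a second sort key, the classic shape for this position).
const benignRequest = { sortField: "created_at", sortDirection: "desc" };
const maliciousRequest = { sortField: "id", sortDirection: "asc, (SELECT pg_sleep(5))" };

// Returns true when the hardened builder rejects the given request.
function safeBuilderRejects(query) {
  try {
    buildQuerySafe(query);
    return false;
  } catch (e) {
    return true;
  }
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", buildQueryVulnerable(maliciousRequest));
  console.log("hardened  :", buildQuerySafe(benignRequest));
  console.log("hardened rejects probe:", safeBuilderRejects(maliciousRequest));
}
```

The allow-list is the fix to reach for here rather than escaping: ORDER BY takes identifiers and expressions, not values, so parameter binding cannot be used for the column name, and only a closed set of accepted identifiers keeps arbitrary expressions out of the query.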
CVE-2024-42939
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2024-34997
A flaw was found in python-joblib. A deserialization vulnerability via the joblib.numpy_pickle::NumpyArrayWrapper.read_array component uses the insecure pickle Python library when used with untrusted inputs...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper.read_array. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CoreWCF NetFraming based services can leave connections open when they should be closed
Impact If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client establishes a connection to the service and sends no data, the...
CVE-2024-28252 CoreWCF NetFraming based services can leave connections open when they should be closed
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can...
ConverTo Video Downloader And Converter 1.4.2 File Download
Title: ConverTo Video Downloader & Converter v1.4.2 - Arbitrary File Download Vulnerability | Author: indoushka | Tested on: Windows 10 French V.Pro | ...
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Impact This vulnerability affects the ibc-go package for those running full nodes, dubbed "Huckleberry". According to their advisory: This issue is low-severity in general, and it has a low impact and likelihood of exploitation. Depending on how a full node is architected, this issue could...
CVE-2021-24743
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS...
CVE-2020-18035
Cross-site scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java"...
Cross site scripting
Cross-site scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java"...
CVE-2020-18035
CVE-2020-18035 is a cross-site scripting vulnerability in Jeesns v1.4.2. The issue arises in the CKEditor integration, specifically through the CKEditorFuncNum parameter in the file/component CkeditorUploadController.java, allowing remote attackers to craft inputs that execute arbitrary code in t...
my-gesuad 0.9.14 (ab/sql/xss) Multiple Vulnerabilities
No description provided by source.
JVN#55074201: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version according...