4565 matches found

vulnersOsv
added 2024/09/07 9:30 a.m. · 1 views

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +8 more potentially affected by CVE-2024-45034 via apache-airflow (>=1.8.2 <=2.0.2)

apache-airflow PYPI version =1.8.2, =0.1.0rc3, =0.1.0, =2.4.2, =1.7.2, =0.3.12, =11.8.0, =0.0.5, =0.0.6 Source cves: CVE-2024-45034 Source advisory: OSV:GHSA-92XG-GMRQ-5C3W...

CVSS 8.8 · AI score 5.4 · EPSS 0.01688
Exploits 0
vulnersOsv
added 2024/09/06 7:45 p.m. · 4 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.3) +249 more potentially affected by CVE-2024-45294 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.3.22)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2024-45294, CVE-2024-52007 Source advisory: OSV:GHSA-6CR6-PH3P-F5RF...

CVSS 8.6 · AI score 7.2 · EPSS 0.00975
Exploits 0
Positive Technologies
added 2024/09/04 12:0 a.m. · 3 views

PT-2024-31458 · Za Internet · Za-Internet C-Mor Video Surveillance

Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01 Description: An issue was discovered due to improper validation of user-supplied data, making different functionalities of the C-MOR web interface vulnerable to SQL injecti...

CVSS 8.1 · AI score 8.3 · EPSS 0.01306
Exploits 2 · References 7
Positive Technologies
added 2024/09/04 12:0 a.m. · 2 views

PT-2024-38993 · Abcd2 · Abcd2

Name of the Vulnerable Software and Affected Versions: ABCD ABCD2 versions up to 2.2.0-beta-1 Description: A problematic issue has been found in the software, affecting the processing of the file /buscar integrada.php. The manipulation of the Sub Expresion argument leads to cross-site scripting...

CVSS 5.3 · AI score 6.7 · EPSS 0.0049
Exploits 1 · References 9
OSV
added 2024/08/31 8:15 a.m. · 4 views

CVE-2024-39579

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access...

CVSS 6.7 · AI score 5.8 · EPSS 0.00156
Exploits 0 · References 1
vulnersOsv
added 2024/08/30 11:37 p.m. · 5 views

ailabeler (=0.5.0), aiotieba (>=2.9.0 <=2.10.3) +126 more potentially affected by CVE-2023-4863 via opencv-contrib-python-headless (>=3.4.18.65 <=4.8.0.76)

opencv-contrib-python-headless PYPI version =3.4.18.65, =2.9.0, =0.1.0, =1.2.0, =0.1.0, =0.1.11, =1.0.0, =5.4.1, =0.0.1, =0.1.9, =0.1.1, =0.1.2, =0.1.4 and more Source cves: CVE-2023-4863 Source advisory: OSV:GHSA-W2PJ-9CGH-MQ2C...

CVSS 8.8 · AI score 7 · EPSS 0.99739
Exploits 9
Positive Technologies
added 2024/08/28 12:0 a.m. · 4 views

PT-2024-31628 · Chartist · Chartist

Name of the Vulnerable Software and Affected Versions: Chartist versions 1.x through 1.3.0 Description: The issue allows Prototype Pollution via the extend function. This can potentially lead to security risks, as it may enable attackers to manipulate the prototype chain of objects, affecting the...

CVSS 9.8 · AI score 7 · EPSS 0.00627
Exploits 1 · References 12
Positive Technologies
added 2024/08/28 12:0 a.m. · 7 views

PT-2024-31239 · Unknown · Shenzhou News Union Enterprise Management System

Name of the Vulnerable Software and Affected Versions: Shenzhou News Union Enterprise Management System versions 5.0 through 18.8 Description: The issue is related to incorrect access control in the component /servlet/SnoopServlet, allowing attackers to access sensitive information regarding the...

CVSS 9.1 · AI score 6.5 · EPSS 0.00517
Exploits 1 · References 9
vulnersOsv
added 2024/08/27 7:53 p.m. · 4 views

@aws-cdk/integ-runner (>=2.142.0-alpha.0 <=2.148.0-alpha.0), @jill64/sveltekit-adapter-aws (>=1.9.3 <=1.9.45) +3 more potentially affected by CVE-2024-45037 via aws-cdk (>=2.142.0 <=2.148.0)

aws-cdk NPM version =2.142.0, =2.142.0-alpha.0, =1.9.3, =3.1.6, =2.142.0, =2.148.0 Source cves: CVE-2024-45037 Source advisory: OSV:GHSA-QJ85-69XF-2VXQ...

CVSS 6.4 · AI score 5.8 · EPSS 0.00314
Exploits 0
vulnersOsv
added 2024/08/27 6:14 p.m. · 6 views

@faasjs/graphql-server (>=0.0.2-beta.4 <=0.0.2-beta.253), @galdirik/common (>=1.0.52 <=1.1.42) +65 more potentially affected by CVE-2024-43414 via @apollo/gateway (>=2.0.1 <=2.8.4)

@apollo/gateway NPM version =2.0.1, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =6.0.0-dev.156-swarm.1, =0.7.0-alpha.3, =0.7.32 and more Source cves: CVE-2024-43414 Source advisory: OSV:GHSA-FMJ9-77Q8-G6C4...

CVSS 7.5 · AI score 5.4 · EPSS 0.00988
Exploits 1
OSV
added 2024/08/27 5:15 a.m. · 3 views

CVE-2024-7125

Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01...

CVSS 7.8 · AI score 5.8 · EPSS 0.00196
Exploits 0 · References 1
OSV
added 2024/08/26 3:15 a.m. · 2 views

CVE-2024-8073

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13...

CVSS 9.8 · AI score 5.8 · EPSS 0.01137
Exploits 0 · References 1
CNNVD
added 2024/08/26 12:0 a.m. · 4 views

Apache Portable Runtime security vulnerability

Apache Portable Runtime APR is an Apache Foundation library that provides an underlying support interface for upper-tier applications that can be used across multiple operating system platforms. A security vulnerability exists in Apache Portable Runtime versions 0.9.0 through 1.7.4, which stems...

CVSS 5.5 · AI score 6.1 · EPSS 0.00332
Exploits 0 · References 7
CNNVD
added 2024/08/26 12:0 a.m. · 2 views

Hillstone Networks Web Application Firewall security vulnerability

Hillstone Networks Web Application Firewall is a Web firewall from Hillstone Networks China. A security vulnerability exists in Hillstone Networks Web Application Firewall versions 5.5R6-2.6.7 through 5.5R6-2.8.13, which stems from an incorrect input validation vulnerability that allows command...

CVSS 9.8 · AI score 7 · EPSS 0.01137
Exploits 0 · References 2
vulnersOsv
added 2024/08/21 3:30 p.m. · 3 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3382 more potentially affected by CVE-2024-7885 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.35.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-7885 Source advisory: OSV:GHSA-9623-MQMM-5RCF...

CVSS 7.5 · AI score 7.2 · EPSS 0.02644
Exploits 0
vulnersOsv
added 2024/08/21 3:30 p.m. · 6 views

app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:sharaf_3 (>=0.0.7 <=0.7.4) +983 more potentially affected by CVE-2024-7885 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.16.Final)

io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.31 and more Source cves: CVE-2024-7885 Source advisory: OSV:GHSA-9623-MQMM-5RCF...

CVSS 7.5 · AI score 7.1 · EPSS 0.02644
Exploits 0
VulnCheck KEV
added 2024/08/21 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-28000

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1...

CVSS 9.8 · AI score 5.8 · EPSS 0.67925
Exploits 8 · References 1
OSV
added 2024/08/20 4:15 a.m. · 4 views

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

CVSS 4.8 · AI score 5.9
Exploits 0 · References 2
Patchstack
added 2024/08/20 12:32 a.m. · 3 views

WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function vulnerability

WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection via getLogHistory Function vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...

CVSS 7.2 · AI score 8.1 · EPSS 0.00452
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/08/19 12:0 a.m. · 3 views

PT-2024-38574 · WordPress · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress versions 2.0 through 2.13.9 Description: The issue is related to generic SQL Injection via the id...

CVSS 7.2 · AI score 7.2 · EPSS 0.00506
Exploits 0 · References 12