openSUSE Security Advisory (SUSE-SU-2025:02276-1)
The remote host is missing an update for the...
CVE-2024-5636
CVE-2024-5636 affects itsourcecode Bakery Online Ordering System 1.0. The vulnerability is in the file report/index.php, where manipulation of the argument procduct leads to SQL injection. The issue is exploitable remotely and has been publicly disclosed. Documentation lists high-severity impact ...
CVE-2024-35672
CVE-2024-35672 is a Missing Authorization / Broken Access Control vulnerability in WordPress Netgsm plugin (versions n/a–2.9.19). Patchstack documents a fix in 2.9.20; other sources reiterate the issue as Missing Authorization affecting Netgsm up to 2.9.19. No exploit details are provided in the ...
CVE-2024-30045
CVE-2024-30045 is a .NET/Visual Studio Remote Code Execution vulnerability caused by a stack buffer overrun in the Double Parse routine. It affects .NET 7.0 up to 7.0.18 and .NET 8.0 up to 8.0.4; patched versions are 7.0.19 and 8.0.5 (Microsoft/MSRC advisory; GHSA entry lists affected packages a...
CVE-2024-28944
CVE-2024-28944 affects Microsoft OLE DB Driver for SQL Server. The vulnerability is a Remote Code Execution issue in the OLE DB Driver components and is addressed by Microsoft security updates KB5036343 (SQL Server 2022 CU12 and related builds) and KB5037572 (OLE DB Driver 18 for SQL Server). The...
CVE-2024-28924
Technical details about CVE-2024-28924 are not publicly provided in the connected documents. Monitor for updates from Microsoft, NVD, or CVE editors for affected products, impact, root cause, and available fixes.
CVE-2024-21322
CVE-2024-21322 affects Microsoft Defender for IoT. Affected component is the Defender for IoT web application; the root cause is described by Microsoft as CWE-77 (improper neutralization of commands). Exploitation yields remote code execution and requires the attacker to have existing administrat...
CVE-2024-31107
Technical details for CVE-2024-31107 are not provided in the supplied documents. Monitor for updates; current materials reference XSS broadly but do not specify affected versions, vectors, exploit status, or fixes.
Privilege escalation
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability...
Information disclosure
Outlook for Android Information Disclosure Vulnerability...
SQL injection
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID...
Open redirect
Rejected reason: This is unused...
Cross-site request forgery (CSRF)
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/updateplace.php...
Privilege escalation
Trusted Compute Base Elevation of Privilege Vulnerability...
Information disclosure
Microsoft Edge for Android Information Disclosure Vulnerability...
Spoofing
Microsoft Edge for Android Spoofing Vulnerability...
Authentication flaw
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...
Out-of-bounds
swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dictdolookup in swftools/lib/q.c:1190...
Remote code execution
Microsoft ODBC Driver Remote Code Execution Vulnerability...
Information disclosure
Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak...