896 matches found
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
CVE-2025-32808
Affected software: W. W. Norton InQuizitive (through 2025-04-08). The vulnerability arises from client-side access control, allowing a student to insert arbitrary quiz records into the backend, with integrity impact (I=HIGH) and no confidentiality impact (C=NONE). CVSS details: CVSS 3.1 base scor...
CVE-2025-32809
InQuizitive (W. W. Norton) is affected by CVE-2025-32809 through 2025-04-08, which allows stored cross-site scripting via user-supplied data in bonus description, feedback.choice_fb[], or question_id. The issue is described across multiple sources as a stored XSS vulnerability; exploitation appea...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the stbhwbuildtilesetfromimage function. An attacker can read memory locations that should be inaccessible by manipulating the w argument. Remediation There is no fixed version for stb. References - GitHub Issu...
Linux Distros Unpatched Vulnerability : CVE-2024-47745
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check...
CVE-2022-0401
Path Traversal in NPM w-zip prior to 1.0.12...
Online Exam System 安全漏洞
Online Exam System is an online exam system by oretnom23 individual developers. A security vulnerability exists in Online Exam System, which stems from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the parameter w. The vulnerability is cause...
HouseRent 安全漏洞
HouseRent is a house rental management system by Mr.W individual developer. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in HouseRent version 1.0, which stems from unknown functionality in the file src/main/java/com/house/wym/controller/AdminController.java tha...
CVE-2023-32094
Missing Authorization vulnerability in Felix W. Extended Post Status extended-post-status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through = 1.0.19...
CVE-2024-11667
CVE-2024-11667 involves a directory traversal flaw in Zyxel firewalls' web management interface (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN) affecting firmware V5.00–V5.38 (and related ranges). The vulnerability could allow an attacker to download or upload files via a crafted URL, with impact t...
CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...
CVE-2024-46952
An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...
CVE-2024-51606
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Blrt Blrt WP Embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through 1.6.9...
UBUNTU-CVE-2024-46952
An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...
SUSE CVE-2024-46952
An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...
CVE-2024-47745
A flaw was found in the remapfilepages function in mm/mmap.c in the Linux kernel, where it does not properly restrict execute access. This vulnerability allows local users to bypass intended SELinux W^X policy restrictions. Mitigation The issue exists if SELinux W^X policy restrictions are being...
CVE-2024-47745
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
DEBIAN-CVE-2024-47745
In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...
CVE-2024-47716
In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...