Input validation

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

Hardcoded credentials

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

Sql injection

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit...

Sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file policeadd.php. The manipulation of the argument policename/policeid/policespec/password leads to sql injection. The exploit has been disclos...

Improper access control

A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit h...

Cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit...

Path traversal

@backstage/backend-common is a common functionality library for backends for Backstage, an open platform for building developer portals. In @backstage/backend-common prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the resolveSafeChildPath utility were not exhaustive enough, leadi...

Sql injection

A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path When calling mlxswspacltcamregiondestroy from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdevpriv dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEVCHANGEUPPER and NETDEVPRECHANGEUPPER event in the system. static inline stru...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in ofpwmsinglexlate With args-argscount == 2 args-args2 is not defined. Actually the flags are contained in args-args1...

Design/Logic Flaw

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. T...

Out-of-bounds

A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The...

Cross site scripting

Wallos 0.9 is vulnerable to Cross Site Scripting XSS in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up corrupti...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block siz...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clkmgr. So don't use it to look for DML2 support...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus potentially few more below it, depending on actual spill size. So to check i...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: Update migration data pointer correctly on saving/resume When the optional PRECOPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on the f...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second listdel call results in either a warning with CONFIGDEBUGLIST=y:...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pmruntimeresumeandget failed Returning an error code from .remove makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This wil...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnetpolicy The variable rmnetlinkops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below:...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TXEN pin. When the TTY port is closed in the middle of a...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

Design/Logic Flaw

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

Authentication flaw

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5...

Path traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7...

Cross site request forgery (csrf)

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall function. This makes it possible for unauthenticated attackers to call a limited set of...

Cross site request forgery (csrf)

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

Cross site request forgery (csrf)

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cpshortcoderefresh function. This makes it possible for unauthenticated attackers to execute arbitra...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once...

Cross site scripting

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

Cross site scripting

The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack...

Denial of service

Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...

Cross site request forgery (csrf)

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...

Sql injection

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Design/Logic Flaw

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangebookmark function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter...

Design/Logic Flaw

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

Design/Logic Flaw

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data...

Open redirect

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

Design/Logic Flaw

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services...

Command injection

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.85220230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public...