CVE-2024-47212 - Iglu Server Denial of Service (DoS) Vulnerability
CVE ID : CVE-2024-47212
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47212
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47213 - Enrich Denial of Service (DoS) Vulnerability
CVE ID : CVE-2024-47213
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47213
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47214 - Iglu Server Denial of Service (DoS)
CVE ID : CVE-2024-47214
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47214
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47215 - Snowbridge Google Tag Manager Server Side Infinite Event Retry Vulnerability
CVE ID : CVE-2024-47215
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47215
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47217 - Iglu Server Denial of Service (DoS)
CVE ID : CVE-2024-47217
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47217
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-56528 - Snowplow Collector Denial of Service (DoS)
CVE ID : CVE-2024-56528
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-56528
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3178 - "Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability"
CVE ID : CVE-2025-3178
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3178
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3179 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3179
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. The manipulation of the argument ic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3179
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. The manipulation of the argument ic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3180 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3180
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3180
Published : April 3, 2025, 9:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0278 - HCL Traveler Internal Path Disclosure Vulnerability
CVE ID : CVE-2025-0278
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0278
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0279 - HCL Traveler Information Disclosure Vulnerability
CVE ID : CVE-2025-0279
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0279
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30370 - Jupyterlab-Git Command Injection Vulnerability
CVE ID : CVE-2025-30370
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30370
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3181 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3181
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3181
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3182 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3182
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3182
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3183 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3183
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3183
Published : April 3, 2025, 10:15 p.m. | 31 minutes ago
Description : A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3184 - Projectworlds Online Doctor Appointment Booking System SQL Injection
CVE ID : CVE-2025-3184
Published : April 3, 2025, 11:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3184
Published : April 3, 2025, 11:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3185 - Projectworlds Online Doctor Appointment Booking System SQL Injection
CVE ID : CVE-2025-3185
Published : April 3, 2025, 11:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3185
Published : April 3, 2025, 11:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3186 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-3186
Published : April 4, 2025, 12:15 a.m. | 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3186
Published : April 4, 2025, 12:15 a.m. | 33 minutes ago
Description : A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25000 - Microsoft Edge (Chromium-based) Type Confusion Remote Code Execution Vulnerability
CVE ID : CVE-2025-25000
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25000
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25001 - Microsoft Edge Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-25001
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25001
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29796 - Microsoft Edge for iOS UI Spoofing Vulnerability
CVE ID : CVE-2025-29796
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29796
Published : April 4, 2025, 1:15 a.m. | 3 hours, 42 minutes ago
Description : User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...