π¨ CVE-2024-6969
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272123.
π@cveNotify
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272123.
π@cveNotify
GitHub
cve/sql4.md at main Β· Xu-Mingming/cve
Contribute to Xu-Mingming/cve development by creating an account on GitHub.
π¨ CVE-2024-6970
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272124.
π@cveNotify
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272124.
π@cveNotify
π¨ CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputsβ. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkeyβ and ctxβ. That function uses named return parameters to free pkeyβ and ctxβ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkeyβ and ctxβ will be nil inside the deferred function that should free them.
π@cveNotify
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputsβ. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkeyβ and ctxβ. That function uses named return parameters to free pkeyβ and ctxβ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkeyβ and ctxβ will be nil inside the deferred function that should free them.
π@cveNotify
π¨ CVE-2024-41703
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
π@cveNotify
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
π@cveNotify
GitHub
[Bug]: Responsible Disclosure of Potential Security Vulnerabilities Β· danny-avila LibreChat Β· Discussion #3315
What happened? The AppSec team at REA Group have performed a penetration test of LibreChat and have discovered a number of security vulnerabilities. We would like to work with the maintainer of Lib...
π¨ CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)
π@cveNotify
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)
π@cveNotify
GitHub
[Bug]: Responsible Disclosure of Potential Security Vulnerabilities Β· danny-avila LibreChat Β· Discussion #3315
What happened? The AppSec team at REA Group have performed a penetration test of LibreChat and have discovered a number of security vulnerabilities. We would like to work with the maintainer of Lib...
π¨ CVE-2024-41709
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
π@cveNotify
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
π@cveNotify
π¨ CVE-2024-5004
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
π@cveNotify
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
π@cveNotify
WPScan
CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS
See details on CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS CVE 2024-5004. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5529
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
WPScan
WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS
See details on WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS CVE 2024-5529. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
π@cveNotify
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
π@cveNotify
WPScan
MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
See details on MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor CVE 2024-5973. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-6243
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
π@cveNotify
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
π@cveNotify
WPScan
HTML Forms < 1.3.33 - Admin+ Stored XSS
See details on HTML Forms < 1.3.33 - Admin+ Stored XSS CVE 2024-6243. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-6244
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
π@cveNotify
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
π@cveNotify
WPScan
pz-frontend-manager < 1.0.6 - CSRF change user profile picture
See details on pz-frontend-manager < 1.0.6 - CSRF change user profile picture CVE 2024-6244. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
π@cveNotify
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
π@cveNotify
WPScan
Community Events < 1.5 - Event Deletion via CSRF
See details on Community Events < 1.5 - Event Deletion via CSRF CVE 2024-6271. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
π@cveNotify
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
π@cveNotify
GitHub
PoC/Gradio.md at main Β· Aaron911/PoC
Contribute to Aaron911/PoC development by creating an account on GitHub.
π¨ CVE-2024-37391
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
π@cveNotify
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
π@cveNotify
GitHub
Fix drive installer path Β· ProtonVPN/win-app@2e4e250
Official ProtonVPN Windows app. Contribute to ProtonVPN/win-app development by creating an account on GitHub.
π¨ CVE-2024-40430
In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
π@cveNotify
In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
π@cveNotify
π¨ CVE-2023-51437
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
π@cveNotify
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
π@cveNotify
π¨ CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
π@cveNotify
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
π@cveNotify
π¨ CVE-2024-39863
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
π@cveNotify
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
π@cveNotify
GitHub
Validating provider description for urls in provider list view by amoghrajesh Β· Pull Request #40475 Β· apache/airflow
Validating URLs in Provider Descriptions for Provider List View
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an A...
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an A...
π¨ CVE-2024-0857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.
π@cveNotify
π¨ CVE-2024-37245
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress All In One Redirection Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
β€1
π¨ CVE-2024-37246
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Gallery Slideshow Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.