π¨ CVE-2024-8141
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Daily_Calories_Monitoring_Tool_add_calorie_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8142
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Daily_Calories_Monitoring_Tool_delete_calorie_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8144
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
bug2_report/classcms_xss.md at main Β· acmglz/bug2_report
Contribute to acmglz/bug2_report development by creating an account on GitHub.
π¨ CVE-2024-1430
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2024-8145
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
bug2_report/classcms_url_jump.md at main Β· acmglz/bug2_report
Contribute to acmglz/bug2_report development by creating an account on GitHub.
β€1
π¨ CVE-2024-42337
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42338
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42339
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π1
π¨ CVE-2024-42340
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
π¨ CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-8147
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-8011
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
π@cveNotify
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
π@cveNotify
HackerOne
HackerOne | Global leader in offensive security | Security for AI | Crowdsourced Security
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the SDLC. HackerOne offers AI red teaming, crowdsourced security, bug bounty, vulnerability disclosureβ¦
π¨ CVE-2024-33224
An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
π@cveNotify
An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
π@cveNotify
GitHub
Win-Driver-EXP/CVE-2024-33224 at main Β· DriverHunter/Win-Driver-EXP
This repo contains EXPs about Vulnerable Windows Driver - DriverHunter/Win-Driver-EXP
π¨ CVE-2024-22060
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
π@cveNotify
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
π@cveNotify
π¨ CVE-2024-20023
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
π@cveNotify
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
π@cveNotify
MediaTek
March 2024
π¨ CVE-2023-48957
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
π@cveNotify
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
π@cveNotify
LHN
Multiple Vulnerabilities Found In PureVPN β One Remains Unpatched
Researchers spotted a couple of security vulnerabilities in PureVPN Desktop clients for Linux that impact usersβ privacy. While PureVPN patched one flaw, another RCE vulnerability remains unpatched. Numerous PureVPN Vulnerabilities Affected Linux Clientsβ¦
π1
π¨ CVE-2024-45258
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
π@cveNotify
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
π@cveNotify
GitHub
prevent successful requests from invalid host Β· imroc/req@04e3ece
Simple Go HTTP client with Black Magic. Contribute to imroc/req development by creating an account on GitHub.
π¨ CVE-2024-8150
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
Continew Admin V3.2.0 Presence of SQL Injection_1 Β· Issue #2 Β· Chiexf/cve
Summary The controllable sort parameter has led to SQL injection in Continue Admin v3.2.0. Environment Setup Build the backend code locally by downloading "https://github.com/continew-org/cont...
π¨ CVE-2024-8151
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Interactive_Map_With_Marker_delete_mark_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8158
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake.
The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.
This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.
π@cveNotify
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake.
The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.
This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.
π@cveNotify
π¨ CVE-2024-8152
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_add_bookmark_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.