10
CVE-2024-32651 - Server Side Template Injection in Jinja2 allows Remote Command Execution
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction…
10
CVE-2024-0916 - Unauthenticated Remote Code Execution in UvDesk Community
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
4.7
CVE-2024-3265 - WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration.
9.1
CVE-2022-36029 - BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue.
9.1
CVE-2022-36028 - BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue.
5.3
CVE-2024-32649 - vyper performs double eval of the argument of sqrt
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argume…
5.3
CVE-2024-32648 - vyper default functions don't respect nonreentrancy keys
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely u…
5.3
CVE-2024-32647 - vyper performs double eval of raw_args in create_from_blueprint
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` f…
5.3
CVE-2024-32646 - vyper performs double eval of the slice args when buffer from adhoc locations
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments…
0.0
CVE-2024-4206 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.