8.8
CVE-2024-31442 - Redon-Hub has incorrect permissions on all admin related commands
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command iβ¦
6.3
CVE-2024-3455 - Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can beβ¦
6.3
CVE-2024-3445 - SourceCodester Laundry Management System laporan_filter sql injection
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. Theβ¦
9.8
CVE-2024-31224 - GPT Academic: Pickle deserializing cookies may pose RCE risk
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Intβ¦
5.9
CVE-2024-31221 - Clients removed during unpairing process may regain access if Sunshine was not restarted
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the iβ¦
4.7
CVE-2024-3444 - Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. Theβ¦
3.5
CVE-2024-3443 - SourceCodester Prison Management System apply_leave.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated reβ¦
6.3
CVE-2024-3442 - SourceCodester Prison Management System delete_leave.php sql injection
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the pβ¦
4.2
CVE-2024-31205 - Saleor CSRF bypass in refreshToken mutation
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty stringβ¦
5.3
CVE-2024-30269 - DataEase has database configuration information exposure vulnerability
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability hasβ¦