6.7
CVE-2024-31212 - SQL injection in index_chart_data action
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receiveβ¦
5.5
CVE-2024-31211 - Remote Code Execution in `WP_HTML_Token`
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
7.7
CVE-2024-31210 - PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to movβ¦
9.8
CVE-2024-27981 -
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Productβ¦
9.8
CVE-2024-21894 -
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of β¦
8.2
CVE-2024-31206 - Use of Unencrypted HTTP Request in dectalk-tts
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `[email protected]`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victiβ¦
4.1
CVE-2024-29049 - Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
4.3
CVE-2024-29981 - Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
6.3
CVE-2024-3316 - SourceCodester Computer Laboratory Management System view_category.php sql injection
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/view_category.php. The manipulation of the argument id leads to sql injection. The attack cβ¦
6.3
CVE-2024-3315 - SourceCodester Computer Laboratory Management System user.php sql injection
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file classes/user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The explβ¦