8.7
CVE-2024-54148 - Gogs has a Path Traversal in file editing UI
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
7.8
CVE-2024-53256 - Rizin has a command injection via RzBinInfo bclass due legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) β¦
2.5
CVE-2024-55539 -
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.
7.8
CVE-2024-12903 - Incorrect default permissions in Biamp Evoko Home
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control pβ¦
0.0
CVE-2024-12904 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.4
CVE-2024-12902 - Global Wisdom Software ANCHOR - Undocumented Privileged Account
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credβ¦
6.4
CVE-2024-11230 - Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scriptβ¦
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βsizeβ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contribuβ¦
6.9
CVE-2024-12901 - FoxCMS API Endpoint Site.php improper authorization
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launcβ¦
5.3
CVE-2024-12900 - FoxCMS Configuration File installdb.php code injection
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack β¦
6.9
CVE-2024-12899 - 1000 Projects Attendance Tracking Management System course_action.php sql injection
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remoβ¦