7.4
CVE-2024-54137 - liboqs has a correctness error in HQC decapsulation
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated…
5.3
CVE-2024-30129 - HCL Nomad server on Domino is affected by a host header injection vulnerability
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
8.7
CVE-2024-12254 - Unbounded memory buffering in SelectorSocketTransport.writelines()
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer …
9.8
CVE-2024-54135 - Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to a PHP deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function wit…
9.8
CVE-2024-54136 - Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to a PHP deserialization vulnerability. The vulnerability exists in upload/upload.php, where the user-supplied input via the collection GET parameter is directly provided to unserial…
8.6
CVE-2024-54141 - phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not avai…
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the DB fails. This vulnerability is fixed in 4.0.0.
6.2
CVE-2024-42196 - HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
6.4
CVE-2024-4633 - Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Mo…
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addExtraMimeType' function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi…
8.1
CVE-2024-10516 - Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of an…
5.4
CVE-2024-11321 - Reflected XSS in Hi e-learning's Learning Management System (LMS)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024.