6.6
CVE-2024-50333 - RCE in ModuleBuilder in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be inclโฆ
8.8
CVE-2024-50332 - Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no knowโฆ
4.1
CVE-2024-0134 - nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorizeโฆ
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerabโฆ
7.2
CVE-2024-49774 - ModuleScanner flaws in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to pโฆ
5.3
CVE-2024-49773 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post` parameter in `export` entry point can be abโฆ
8.8
CVE-2024-49772 - Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been aโฆ
5.5
CVE-2024-49377 - Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on โฆ
5.3
CVE-2024-51493 - API key access in settings without reauthentication in OctoPrint
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user'sโฆ
4.3
CVE-2024-51740 - SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versiโฆ
7.5
CVE-2024-51739 - Users enumeration allowed through Rest API in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in verโฆ