7.8
CVE-2024-45139 - Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-45140 - Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-45144 - Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.8
CVE-2024-9286 - SQLi in TRtek Software's Distant Education Platform
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.
9.8
CVE-2024-9680 - firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill)
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbirβ¦
8.2
CVE-2024-45720 - Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command lineβ¦
7.5
CVE-2024-28168 - Apache XML Graphics FOP: XML External Entity (XXE) Processing
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
7.6
CVE-2024-47334 - WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection.This issue affects Zoho Flow: from n/a through <= 2.7.1.
5.5
CVE-2024-45145 - Lightroom Desktop | Out-of-bounds Read (CWE-125)
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction inβ¦
8.5
CVE-2024-9575 - Local File Inclusion in pretix-widget WordPress plugin
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5.