6.9
CVE-2024-5519 - ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has beβ¦
6.5
CVE-2024-35358 -
A vulnerability has been discovered in DiΓ±o Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection.
8.1
CVE-2024-35430 -
In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
5.3
CVE-2024-5518 - itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit haβ¦
8.1
CVE-2024-36886 - tipc: fix UAF in error path
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skβ¦
9
CVE-2024-3300 - Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Releaseβ¦
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
8.5
CVE-2024-3301 - Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Releasβ¦
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
5.4
CVE-2024-35504 -
A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt.
4.4
CVE-2024-3924 - Code Injection in huggingface/text-generation-inference
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installiβ¦
3.3
CVE-2024-4330 - Path Traversal in parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the dβ¦