5.5
CVE-2024-35184 - paperless-ngx's remote user auth via header works even when disabling it for API
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the isβ¦
4.4
CVE-2024-35183 - wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local userβs GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git` package, which contains centrβ¦
5.3
CVE-2024-4913 - Campcodes Online Examination System exam.php sql injection
A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. This vulnerability affects unknown code of the file exam.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public aβ¦
6.7
CVE-2024-27244 - Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
5.3
CVE-2024-4950 -
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
6.5
CVE-2024-4949 -
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
6.5
CVE-2024-4948 -
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
6.5
CVE-2024-27243 - Zoom Apps - Buffer Overflow
Buffer overflow in some Zoom Workplace Apps and SDKβs may allow an authenticated user to conduct a denial of service via network access.
5.3
CVE-2024-4912 - Campcodes Online Examination System addExamExe.php sql injection
A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. This affects an unknown part of the file addExamExe.php. The manipulation of the argument examTitle leads to sql injection. It is possible to initiate the attack remotely. The exploit has been discloseβ¦
5.3
CVE-2024-4911 - Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injectiβ¦
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack mβ¦