The Week in Ransomware - May 17th 2024 - Mailbombing is back
CISO Corner: What Cyber Labor Shortage?; SEC Deadlines
6K-plus AI models may be affected by critical RCE vulnerability
Blind XSS to Account Takeover?. it’s a long one | by imwaiting18 | May, 2024 | Medium
Feds Bust N. Korean Identity Theft Ring Targeting US Firms
Microsoft to start enforcing Azure multi-factor authentication in July
10 Ways a Digital Shield Protects Apps and APIs
Intel Discloses Max Severity Bug in Its AI Model Compression Software
SEC Adds New Incident Response Rules for Financial Sector
2 D-Link router bugs added to CISA’s exploited vulnerabilities catalog
SEC: Financial orgs have 30 days to send data breach notifications
US woman allegedly aided North Korean IT workers infiltrate 300 firms
400K Linux Servers Recruited by Resurrected Ebury Botnet
ChatGPT-4o Is A Game-Changer In CyberSecurity... For All The Wrong Reasons | by Taimur Ijlal | May, 2024 | Medium
The Hacker’s Mind -Recon Mind map | by Tahir Mujawar | May, 2024 | Medium
CISA official Eric Goldstein to step down next month
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
MediSecure Data Breach Update: An ‘Isolated Incident’, Says The Cybersecurity Chief | Daily Security Review
How ID Scanning Apps Can Prevent Fraud
How a new wave of deepfake-driven cybercrime targets businesses
Breach Forums Admin ShinyHunters Claims Domain Reclaimed from FBI
US arrests suspects behind $73M ‘pig butchering’ laundering scheme
WebTPA data breach impacts 2.4 million insurance policyholders
Five charged for cyber schemes to benefit North Korea's weapons program
Australians’ prescription records breached in large-scale ransomware attack
Arrests made in North Korean remote job scam targeting US firms
Financial companies must have data breach incident plans, SEC says
City of Wichita disclosed a data breach after the ransomware attack
What to Look for in Cyber Insurance Coverage
CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules
Whose Data Is It Anyway? Equitable Access in Cybersecurity
Addressing the Cybersecurity Vendor Ecosystem Disconnect
UK Councils Warn of Data Breach After Attack on Medical Supplier
New Android Banking Trojan Mimics Google Play Update App
Report: Cat-phishing of legitimate websites on the rise
Researchers: 'Adversarial attacks' capable of producing harmful AI responses
Cybersecurity summit at Google tackles election threats
Human rights activists targeted in Kimsuky malware campaign
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
Patient Data at Risk in MediSecure Ransomware Attack
Ten ways to minimize software supply chain risks
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
Conservative News Post Millennial Data Breach Impacts Over 26 Million Users | Daily Security Review
US exposes scheme enabling North Korean IT workers to bypass sanctions
Unpacking the Top Vulnerabilities Exploited by Sophisticated Attackers
CISA adds Chrome zero-days to its Known Exploited Vulnerabilities catalog
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
The importance of access controls in incident response
North Korea-linked Kimsuky APT attack targets victims via Messenger
CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now
Kroll expands its document review capabilities to accelerate incident response
GitLab unveils AI capabilities to help organizations better secure their software
The IT skills shortage situation is not expected to get any better
New infosec products of the week: May 17, 2024
Too many ICS assets are exposed to the public internet
Organizations struggle to defend against ransomware
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction – Jon Check, Ricardo Villadiego, Jim McDonough – ESW #362
AI-generated code top cloud security concern amid 100% use rate in survey
E-prescription provider MediSecure impacted by a ransomware attack
Efficient Document Merging Strategies for Professionals
HP Reports High-Impact Cat-Phishing Targeting Users
Santander Falls Victim to Data Breach Involving Third-Party Provider
US AI Experts Targeted in SugarGh0st RAT Campaign
There Is No Cyber Labor Shortage
Nissan Data Breach Exposes Social Security Numbers Of Over 53000 Employees | Daily Security Review
Rockford Public Schools Ransomware Attack Encrypted And Stole Student Data | Daily Security Review
Santander Data Breach Exposes Customer And Employee Details | Daily Security Review
Norway recommends replacing SSL VPN to prevent breaches
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft
Asian Threat Actors Use New Techniques to Attack Familiar Targets
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques | by Khaledyassen | InfoSec Write-ups
Telemetry in OpenCTI 6.1. Since 6.1, OpenCTI gathers some… | by Cathia Archidoit | May, 2024 | Filigran Blog
Security Analysis of an IX2400 VPN Gateway: Root Access | by Marcel Rick-Cen | May, 2024 | Medium
Dell Loses 50mil people’s data & Ohio Loses 500k people’s SSN, Cyber News Beat | by Michael Lopez | May, 2024 | Medium
Google patches 3rd Chrome browser zero-day inside of a week
MIT Graduate Brothers Arrested for $25 Million Ethereum Heist
Cybercriminals Increasingly Targeting the Pharmacy Sector
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach
Microsoft shares temp fix for Outlook encrypted email reply issues
Rounding up some of the major headlines from RSA
Windows Quick Assist Exploited in Ransomware Attacks
Microsoft’s Quick Assist used in scam to drop Black Basta ransomware
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets
Russian hackers use new Lunar malware to breach a European govt's agencies
How to manage the security risks of generative AI tools
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea
Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
The Fall of the National Vulnerability Database
FCC Reveals 'Royal Tiger' Robocall Campaign
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
Lawmakers call for $32B in support for AI development
Report: China-linked group used malware to access commercial shipping systems
House bill orders CISA to create task force for AI concerns
Kimsuky hackers deploy new Linux backdoor via trojanized installers
Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google's AI Watermarks Will Identify Deepfakes
Windows Quick Assist Anchors Black Basta Ransomware Gambit
CISO Confidence in AI Security Grows as GenAI Adoption Rises
53,000 Employees' Social Security Numbers Exposed in Nissan Breach
Novel backdoors seen in use against European government agencies
Ransomware attack impacts law enforcement data in Wichita
Cofense: Phishing campaign targets Meta business accounts
Google fixes seventh actively exploited Chrome zero-day this year
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Entangle Launches Mainnet Leveraging Omnichain Interoperability
IoT Cameras Exposed by Chainable Exploits, Millions Affected
Google fixes third actively exploited Chrome zero-day in a week
Vulnerability Deep Dive - Cisco Talos Blog
Talos releases new macOS open-source fuzzer
How a converged IT/OT SOC can protect critical infrastructure    
Santander: a data breach at a third-party provider impacted customers and employees
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
Nigeria Halts Cybersecurity Tax After Public Outrage
UK Lags Europe on Exploited Vulnerability Remediation
BreachForums Hacking Marketplace Taken Down Again
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts
Palo Alto Networks partners with IBM to deliver AI-powered security offerings
Ebury botnet compromises 400,000+ Linux servers
Is an open-source AI vulnerability next?
OWASP dep-scan: Open-source security and risk audit tool
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
Cloud security incidents make organizations turn to AI-powered prevention
The critical role of IT staffing in strengthening cybersecurity
Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb
Android 15, Google Play Protect get new anti-malware and anti-fraud features
Google patches third exploited Chrome zero-day in a week
Android to add new anti-theft and data protection features
Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings
Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks
FBI, DoJ Shut Down BreachForums, Launch Investigation
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies
Notice of a Data Breach
BreachForums seized by FBI for 2nd time
FBI seized the notorious BreachForums hacking forum
THE RETURN OF LOCKBIT!. NOTE: I started this story before… | by Rakesh Krishnan | Coinmonks | May, 2024 | Medium
A Tornado Cash developer has been sentenced to 64 months in prison
Brothers arrested for $25 million theft in Ethereum blockchain attack
Android 15, Google Play get new anti-malware and anti-fraud features
Nissan North America data breach impacts over 53,000 employees
A Deep Dive into SHA-256 By Learning To Hash by Hand | by Dr. Ashish Bamania | May, 2024 | Level Up Coding
Ransomware attack on Nissan North America results in employee data loss
May 2024 Patch Tuesday: Updates and Analysis
CrowdStrike and NVIDIA to Redefine Cybersecurity for the Generative AI Era
CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization
Falcon Fusion SOAR and Machine Learning-based Detections Automate Data Protection Workflows
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
Popular Cyber Crime Forum Breach Forums Seized by Police
Apple blocked $7 billion in fraudulent App Store purchases in 4 years
Windows Quick Assist abused in Black Basta ransomware attacks
PDF Exploitation Targets Foxit Reader Users
Cyber-Attack Disrupts Christie’s $840M Art Auctions
Microsoft fixes exploited Qakbot-delivering 0-day in May Patch Tuesday
Banco Santander warns of a data breach exposing customer info
FBI seize BreachForums hacking forum used to leak stolen data
3 Tips for Becoming the Champion of Your Organization's AI Committee
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
Sophos Firewall v20 MR1 is now available
Microsoft lawyer to appear in House committee hearing on cybersecurity
Anti-stalking feature to become part of Android 6.0+ and iOS 17.5
US agencies issue warning about Black Basta ransomware gang
US agencies warn of state-sponsored cyberattacks on civil society groups
Draft of 2025 defense bill includes mobile device cybersecurity evaluation
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion
Protect against lateral movement attacks by securing credentials
A Cost-Effective Encryption Strategy Starts With Key Management
Top 5 Most Dangerous Cyber Threats in 2024
NCSC Expands Election Cybersecurity to Safeguard Candidates
The Zero Trust Security Gap No One Talks About and How to Fill It
Google Expands Content Watermarking Tool to AI-Generated Text
Apple issues fix for Safari zero-day uncovered in hacking contest
UN report exposes North Korean cyberattacks, crypto laundering spree
US, UK decry escalating cyber activities from China
Google, Apple launch anti-tracking feature for smartphones
New cybersecurity sheets from CISA and NSA: An overview
Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions
FireMon Asset Manager 5.0 improves situational awareness
How attackers deliver malware to Foxit PDF Reader users
ManageEngine SaaS Manager Plus simplifies access management
Adobe fixed multiple critical flaws in Acrobat and Reader
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
(Cyber) Risk = Probability of Occurrence x Damage
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Santander Customer Data Compromised Following Third-Party Breach
Seven AI attack threats and what to do about them
A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering
Ransomware attack on Singing River Health System impacted 895,000 people
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools
Cybersecurity analysis exposes high-risk assets in power and healthcare sectors
Cybersecurity jobs available right now: May 15, 2024
Core security measures to strengthen privacy and data protection programs
Ransomware statistics that reveal alarming rate of cyber extortion
Key questions to ask when tailoring defensive stacks
Initial Access Brokers, Infostealers, and Everything Between Them
The Darker Side of Stealer Malware: A Consumer Nightmare
Staying ahead of threat actors in the age of AI
Real-world Insights from a Sophos Threat Analyst: It’s Great You Have a Firewall, But Here’s Why You Shouldn’t Skip Over MDR
Revolutionizing the essentials: Friction-minimizing approaches to overcoming advanced account takeover (ATO)
No mayday call necessary for the year’s fifth Patch Tuesday
Singapore Cybersecurity Update Puts Cloud Providers on Notice
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
When Dark AI Outsmarts Us: The Silent Acceleration of Illicit and Malicious AI’s Innovation Power | by Sam Vaseghi | Apr, 2024 | AI Advances
The Weakest Link in the Cybersecurity Chain: Email | by Prof Bill Buchanan OBE FRSE | Apr, 2024 | Medium
The Story Of The “Morris Worm” & How Rust Could Have Prevented It | by Dr. Ashish Bamania | Apr, 2024 | Level Up Coding
Cybersecurity and the Australian Federal Budget 2024 | by Ian Yip | May, 2024 | Medium
3 easiest bugs that you can find right now [guarantied] | by Imad Husanovic | May, 2024 | System Weakness
Hunting Black Basta’s Cobalt Strike | by Intel-Ops | May, 2024 | Medium
Mobile Phone Hacking. Disclaimer! | by Pine Damian | Apr, 2024 | Medium
How I Found My First RCE. Unveiling My First RCE Journey | by ABDELKARIM MOUCHQUELITA | May, 2024 | Medium
LockBit ransomware spread in millions of emails via Phorpiex botnet
CTO at NCSC Summary: week ending May 19th
IKON SK6 Radienprofil Extra Code picked and gutted - YouTube
anthony/sandoc: Universal document sanitizer. - Ichido Forge
Google launches Gemini-powered Cybersecurity AI Tools To Combat Cyber Threats
QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
GitHub - atola-technology/iscsi-targets: Automatically create iSCSI targets for all drives except for a boot device
Microsoft Puts Its Money Where Its Cybersecurity Is, Tying Exec Pay to Security Performance | American Content Network
400,000 Linux Servers Hit by Ebury Botnet  - SecurityWeek
VFCFinder Highlights Security Patches in Open Source Software - Security Boulevard
GitHub - karthikuj/sasori: Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
903. Union 2234 Mortice 5 Lever Sash Lock picked and gutted with homemade lever lock pick tools - YouTube
Kwikset SmartKey Deadbolt Security Review - YouTube
GitHub - usdAG/cstc: CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
✂️ wtf? - YouTube
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach | Ars Technica
LogRhythm and Exabeam announce merger to enhance AI-driven cybersecurity solutions - SiliconANGLE
The MediSecure Website is currently under maintenance, please check back soon.
Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI | Sprocket Security
Seriously, stop using RSA | Trail of Bits Blog
About | Sfoffo - Pentesting Notes
Palo Alto Networks will buy IBM QRadar cloud security software assets
Cyber trust label could be in place by end of the year, White House says
Bain Capital Crypto Whiteboards - YouTube
032 Assa twin v10 pick & gut. Black 1. - YouTube
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft Security Blog
GitHub - RoseSecurity/Red-Teaming-TTPs: Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
Critical vulnerabilities in Telit Cinterion modems | Kaspersky official blog
Executing Cobalt Strike's BOFs on ARM-based Linux devices
iPhones And Androids Can Now Warn You of 'Secret Trackers' | IBTimes UK
MoD contractor hacked by China visited by Pure Audits - "No Comment" - YouTube
Initial Access Brokers, Infostealers, and Everything Between Them | InfoStealers
Safecracking for Everyone 2nd Edition.pdf - Google Drive
Proof-of-Concept: Multi-channel Server Side Events using Alpine
SpringSecurity-App
Testing the security of the website
Proof of concept for C and C# interop for university
This contains code and documents of physical layer security for device to device communication under Nakagami channel
We want to implement the security of computer systems in this part of the LSB project
210701252-CS19642-Cryp-NetworkSecurityLab
onyx-security
.Hack HEAP 2024 Group Project
This Python tool is a powerful Facebook account verification tool used to check Facebook profiles and save checked accounts to .txt file.
Welcome to our project, An Online-Learning-Platform platform built on the MERN stack. Security is paramount. We implement robust authentication, authorization, and mail OTP verification systems to safeguard user data and ensure secure access. Our platform
This repository contains all the lab experiments of CS19642- Cryptography and Network Security lab done by Vidhiya S B - 210701306.
securityWebcam
Proof of Concept using a variety of patterns
Repository for CSC 842 - Security Tool Development
Proof of concept for RAG using Elasticsearch to provide context.
spring-boot-benjamin-security-filters
A Proof of Concept about an Electron chat application
NLP and security TTPs explored
holbertonschool-cyber_security
Computer-Security--Frontend
Test project with Spring Security, Spring Boot 3.2.5, Spring Data JPA, Spring Web, Maven, Java 21
Proof of concept for a RESTful API server for MDaemon.
This repository contains my internship assignments completed during my tenure at Albus Security. The projects focus on practical applications of networking and Python, showcasing the skills and knowledge I have acquired.
nes_rom_hacking
Proof_of_concept
GCP Data Engineering Technical Training Proof-of-Concept
SpringSecurity
This Python application is used to verify the status of Facebook accounts, determining whether they are alive, in checkpoint or dead.
Spring-security-
This project implements an AWS-based application for vehicle label and text detection using Rekognition AI services. It includes image upload to S3, Lambda triggering from SQS, label and text detection, database updates, and email notifications for securi
Proof of concept: Flutter with WebRTC, Voice Recognition and AI
A proof of concept for running JavaScript plugins on a Minecraft server.
A mobile platform to view and buy tickets for events for users, and host events for organizers. (Proof of Concept)
GitHub Account Creator is a Python tool that enables automatic account creation on GitHub. Automatically generating your credentials, the script quickly creates a new account.
Java, Spring boot 3, Spring Security 6, Spring Authorization Server
LilpanXD.github.io/Hack-nasa-api
SpringTiendaWebSecurity
security-implementation
This project enhanced the security of an underground safety system for mining using LoRa technology. Utilizing Arduino Uno microcontrollers and LoRa transceivers for location data, it addressed security gaps by integrating advanced encryption and authenti
CS19642-Cryptography-and-network-security
stackelberg_security_games
some simple proof of concepts using google api
Security_fortress
A proof-of-concept canister that returns the input addresses of a given Bitcoin transaction.
GCP Data Engineering Technical Training Proof-of-Concept
Config files for my GitHub profile.
spring-security-jwt
Quantum Based data security for educational Institutions
Demo version of the Guard Management application
Your Premier Choice For PUBG Hacks
Learning Security Engineering
Proof of concept experiment using WebGL with Go/WASM. The repo follows this MDN WebGL guide: https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API/Tutorial
Made my first project as an Intern at Prodigy InfoTech under domain Cyber Security. This is a Caesar Cipher program used to encrypt and decrypt messages by shifting character by a certain fixed number.
A python script for scraping delivery data for different securities from Nseindia
K.knock_study
Bank security console (Django ORM)
Login using Spring Security + Jwt + Redis
Course on Ethical Hacking with Python - Viruses and Trojans
a simple proof-of-concept cooking game built with Scene Builder
Previous Proof of concept API
The AWS Ride Sharing Application is a cloud-based platform designed for ride-sharing services. It utilizes several AWS services for scalability, security, and reliability.
Auth0 Proof of Concept for Apple Social Login
This Python script provides a comprehensive automated penetration testing tool for performing various security assessments and tests on a target system or network. It leverages popular tools and techniques commonly used in penetration testing to identify
eset internet security license key,eset internet security,eset internet security license key 2022,eset internet security key,eset nod32 internet security,eset internet security license key 2021,eset nod32 antivirus license key 2022,eset nod32 license key,
Web-Application-Security
Proof of Concept
Config files for my GitHub profile.
Ethical_Hacking
Task 02 of the Prodigy InfoTech Cyber Security Internship i.e Image Encryption & Decryption program using Python.
Trello is a visual tool for managing projects and tasks. Users create boards with lists and cards to organize tasks, collaborate, assign tasks, and track progress. Features include RESTful APIs, real-time updates, and security. Tasks move through lists (T
A project from Hacking withiOS: SwiftUI Edition
A proof-of-concept automated flatpak repository
This project is to check the security of the password and also to generate a secure password by ReactJs
Proof-Of-Concept to demonstrate the value of UiTwisselingsplatform.be data products wrt culture and youth infrastructure in Flanders.
Real-time proof of concept with React Native & Expo.
security_guard
Pyhton3-Hacking
HACK_1_RESUELTO
Manim but for hackers.
Repo for binary exploits for Software Security Engineering
This salary calculator makes deductions, such as taxes and social security, when the net salary value is displayed, and the deducted value
This repo covers all the latest Hibernate relationship and Spring Security with JWT tokens project files
FIVEM HACK DOWNLOAD | GTA 5 FREE CHEAT | UNDETECTED 2024
Checks a password if it has been hacked earlier
CyberSecurity-Secure-Game-Survey-Backend
Spring-Security-Template
Spring-Security
jwt-security
A research project pertaining to embedded security using the MITRE eCTF competition as reference
Security-Alarm-System
This repository contains the source code for my website developed as part of the Hack Your Future bootcamp assignment
A series of optimization problems related to Vertex Cover
SQL INJECTION
SecureAuth: MERN stack web app prioritizing user authentication & security with bcrypt password encryption, robust Express backend, and MongoDB database.
CCF-Conf Deadline filtering for security
A proof-of-concept Fish-based PVP plugin.
ProdigyInfotech_InternshipTask3_Cyber_Security_by_Favour_Bassey
inclass-spring-security
Repository with the 8 Hacks
a proof of concept to combine a sveltekit and tailwindcss frontend with a fastapi python backend in a tauri app
Labs and Projects from Software Security Course
Spring security application
codacy-proof-of-concept
fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, valorant driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, legends, warzone, cal
Reconnaissance: ,Vulnerability Identification , Exploitation, Payload Delivery:,
A responsive and SEO-optimized corporate website for SkyGlow Events, built with HTML, CSS, and JavaScript. The site showcases drone light show technology and services, featuring client testimonials and secure contact forms. Ensures seamless performance ac
Initial proof of concept for Keylogic's api
Proof-of-concept CsWin32 replacement
Storing my hacking-related projects.
Proof of concept for port of Soundscape to Android
Ethical-Hacking
First hack with branches 1-8
security-pipeline
Eljotech solutions security providers website
All of my job I did in Security operation engineer in here
Ethical-Hacking-tools
This tool can be used to encrypt and decrypt algorithms which are AES,DES,Triple DES and Blowfish combined with strategic integration of the GPT-2 Model,which demonstrates the application's capacity to adapt to current and new security concerns.
Project focused on exploring the functionalities of Spring Security in the context of JWT authentication.
Spring-Security
Spring Security, JWT token, Angular
Cyber Security Resume/Portfolio
Spring Security JWT Token login and registration with email validation on Spring Boot 3.4.5 and Java 17
A script to apply offsets hacks for games!
Proofs of concept for ac-cloudifier
Nasha_Mukti_Security
Our project focuses on building an image recognition and object detection system. Using advanced algorithms, it can analyze images to identify objects and their locations within them. This technology has applications in security, autonomous vehicles, and
Various tests and proofs-of-concepts
Dive into the immersive world of CompTIA Security+ Labs 601 and unlock your potential for cybersecurity mastery. Explore hands-on exercises designed to elevate your skills and secure success in the dynamic field of information security. Get ready to unlea
This is a proof of concept to help someone debug their Parcel + motion code.
It's credit card fraud detection software used to detect whether hackers are scamming our money or not.
security-reviews
A Secure messaging app developed for semester project. Course name: Information Security and Forensics.
Proof Of Concepts
Speekboard, A proof of concept Speech-to-Text android keyboard running OpenAI Whisper
Security-Audit
This project helps automate qr patrol logging for all security guard personnel.
here is a testing repo. have fan hackers.
A pseudo-Mnemonic generator, the seed's security L2
Security-testing-on-peer-to-peer-network-on-multichain-blockchain
Hosting our hacked sourdough bread recipes
App for using jsonwebtoken with Spring Security
API-hacking
A sample application demonstrating a security issue from the OWASP Top 10 topic A05-Security Misconfiguration
A proof of concept for a custom 3D raycasting renderer
Multimodel-Smart-Door-Lock-Security-System
Client-side object tracking proof-of-concept
Step into the world of security mastery with our enticing ISO 27001:2022 Study Hub. Explore the depths of cybersecurity brilliance, elevate your knowledge, and ignite your career potential. Dive into a treasure trove of resources meticulously curated to e
Anchor Cyber Security - Curated List of Security Resources
This repo contains 2 different services , first one is Identity Service that stores user identity data and second one is OTP Manager Service that helps
Oplesk Hacks course
Proof of concept implementation of a RP and IdP using post-quantum SAML.
My solutions for the one month preparation kit in Hacker Rank
Awareness campaign for the OS Security course
Automated daily updates of AWS IP ranges for optimal network configuration and security. Stay up-to-date with the latest AWS IP information. ⭐ If you find this repository useful, please star and follow! ⭐
Security-In-Cloud-Terraform-Static-Analysis
Share to support security assessment
Hack The Box Walkthroughs
Java Full-Stack Development with Spring Boot, Spring Security and Thymeleaf + Email Verification
ChipSecuritySystems
Kubernetes-Security
Proof of concept of using social login with supabase
spring-security
Managing user data with an emphasis on privacy and security, implementing robust authentication and authorization mechanisms, maintaining session integrity, and developing secure REST APIs.
proof of concept of a tool to enhance likeness of subjects in SDXL
A list of URLs for security advisories and common-vulnerability-enumeration information (CVEs) to ease the process of finding free, fresh and reliable information about product vulnerabilities.
e2e app to practice login registration and spring security
This repository contains a collection of Python scripts designed for network security exploration and learning purposes.
ubi-security-tudoigual
Proof of concept of my basketball stat keeping app
A Hacker News proxy which prefetches discussions for offline reading (between subway stations!)
minimum proof of concept for live update to distribute and load HD art
WIA1002HackingTheFuture
2024 MLH Global Hack Week: Data | Analyzing US Weather Events Data
Proof of concept to learn how GitHub actions works with firebase
Top-comandos-para-hacking-etico.-Alejandro-Doral
Terraform provider for authoring Content Security Policy header values
SecurityPolicies
Solution to the Anthropic Security Engineer Hiring challenge
Implemented LRCN model using deep learning to enhance security systems for Dubai International Academic City. Utilized neural networks like long short-term memory and convolutional neural network to classify human activity. Evaluated model effectiveness b
Repository about User Data and its protection and security.
FreeCodeCamp's Information Security Application HelmetJS (1)
XDR, SIEM, SOAR, etc. Ideas and general configurations that should be deployable anywhere.
hacks
spring-security
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server. It utilizes the wp-automatic plugin's CSV injectio
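This project extracts and packages the core code of the PHP call graph generation part from the USENIX Security 2023 conference. Its main function is to generate function and method call graphs for PHP projects, so that developers and security researchers can analyze code call relationships.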
Syncs rules from all open PRs in the sublime-security/sublime-rules repo, for testing purposes.
Study note
Gost Has Astounding Security Too
This application serves as a platform for managing user accounts, transactions, and progress tracking, with a strong emphasis on security and compliance.
Door-Security
This project is developed for the UNICA.IT University Network Security exam.
Hack to post random quotes to bluesky
Hack Computer HDL Implementation
Byte Brother is watching YOU
Hacking-Tools-In-Python
A proof-of-concept implementation of KiloNova
The Data-driven project about Growth hacking
In this repository I mostly put my proof of concepts and Azure Architectures
Hacker rank problems solved by me
Network-Security-Groups-NSGs-and-Observing-Network-Traffic
SpringBoot-Security
Repository where I host relevant information about the best-known vulnerabilities.
security-service
❄️ web security module
spring-security-map
Security-Project
Secure Direct Messaging for Social Media
tiktok-bot tiktok-view-bot tiktok-views tiktok-followers tiktok-followers-bot tiktok-hack tiktok-views-bot tiktok-likes-bot tiktok-likes tiktok-viewbot tiktok-follower tiktok-view tiktok-follow-adder tiktok-mass-report-bot tiktok-viewer tiktok-tool tiktok
HW2-Comp-Security
SecurityAssignment3
JAVA---SPRING-SECURITY
hack
Gain the ultimate edge in aviator games with predictor, cheat, and hack tools. Precise scripts, macros, and win analysis tools help you crash less and soar higher. The aviator predictor app equips your Android device with a smart bot leveraging proprietar
Project developed in the Nuxt Extreme course - Lucky Hackers Academy
This repo contains code for backend of Time Hacker, written using FastAPI Python
Cyber security project that incorporates Atomic Red Team tests and provides mitigation options
ethical_hacking_project
HONEYPI is a Python-based Internal honeypot designed to lure in cyber attackers, collect valuable threat intelligence, and provide real-time alerts to security teams. It simulates a vulnerable WordPress site, gathers attacker information, sends notificati
Developed A Website For Blood Donation Management. Having Main & Spring-Security Branches Implemented Email Notification Integration Implemented A Comprehensive System For Tracking Donor Information, Appointments, And Medical History.
MARKET-OF-SHAME-SECURITY-AND-PRIVACY-VIOLATION-OF-DIGITAL-LENDING-APPLICATION-IN-NIGERIA
Spring boot API with mongoDb, Security, CICD
Cybersecurity awareness tips
Automated-Attendance-and-Class-Security-Management-System
This is the system that links the security guards and the individual companies.
PP_3_1_5_Boot_Security_Rest_Controllers2
A modern Hacker News UI built with Sveltekit, Tailwind, and DaisyUI.
Proof of concept showing a single class being used to render instancing and batching geometry in a single draw call.
SecurityOnionLab
SpringBoot-React-Security-login
ServiceBricks Security Microservice - Centralized security for managing application access
A website for better security
rakuten-security-exporter
Website Ranking is a well-known application to test a web application based on 11 parameters, such as Security And Privacy, Performance And Technical, SEO etc.
Data Analysis for Chemical Security purposes
Computer Security
Polybius Cipher and Myszkowski Transposition encrypt_decrypt
Tools, Links, and documents related to various security data exchange formats/methods/services
This repository hosts an implementation of the Triple Data Encryption Standard (DES) algorithm in Java, alongside comprehensive unit tests and a sample JavaFX project demonstrating its usage. Triple DES, also known as TDES or TDEA, is a symmetric-key bloc
SecurityLogMiner.github.io
Working with security principles to implement and expand on what I have learned in my security classes.
The Real Estate Investment Project with Enhanced Security using Chainlink
Security_Project
A system designed for parsing, analyzing, and monitoring Certificate Transparency (CT) logs. This project aims to provide comprehensive insights into SSL/TLS certificates, helping to enhance web security and transparency. Inspired by the Certificate Trans
An encrypted file system in Rust that mounts with FUSE on Linux. It can be used to create encrypted directories
University project of a website in blog format about digital security
In this project, I've developed an e-commerce website featuring several key functionalities to enhance user experience and security. This includes the implementation of Private Routes to safeguard sensitive user data, a Cart Page functionality for seamles
The King Crab Hack
Spring Security Project And Document
Live chat with the network hacker of the moment
Pegasus Script (PEG) is a scripting language specifically designed for the Go-based hacking shell, Pegasus.
Script to massively deploy V1S&WP agent to multiple linux EC2 using AWS SSM
python projects related to cybersecurity & hacking or just for practice
Application-Security
Hack'n'Leap is a platform game on the theme of programming
Proof of Concept for a Master's thesis, Computer Science and Engineering MSc in Instituto Superior de Engenharia de Lisboa.
This project is a website whose backend is implemented in Java, with features such as authorization with a JWT token, CRUD operations on the database, and configured authentication built with Spring Security
#Basics - Spring / kotlin / JPA / Spring Security / JWT login
WARNING: This is a proof-of-concept idea - it might be removed again
Information security, cryptography(C#)
SafeEncode: Security tool for encoding/decoding sensitive data, ensuring privacy & confidentiality. Enables secure communication & DB storage.
A repository of random technical topics in no particular order
Todo-App-with-Spring-Security
HackingWithSwift
UbuntuServerSecurityHardening
network-security
🔖 Notes about security
Hey there, I'm on a mission to make the digital world a safer place, one line of code at a time. As an Ethical Hacker,
A repository full of useful lua scripts for hacking the Donkey Kong Country Trilogy on SNES.
Repository that will host notes and more from the Network and Software Systems Security class
Implementing Robust Security with Spring Boot
A proof-of-concept ED discharge instruction generator using retrieval-augmented generation
securityProject
This repository contains a Proof of Concept (POC) that demonstrates the potential unlocked by ERC-4337 within the Frak-Ecosystem.
Welcome to Digital Security Ops Mastery, your resource for mastering digital security operations. Explore topics like setting up nextcloud sync, google-free phones and setting up child-proof mobile devices.
Step-by-Step Guide to Integrating MetaMask Wallet into Web Apps using Vanilla JavaScript, HTML, and CSS - Perfect for Beginners at Irvine Hacks Workshop
This repository contains the analysis reports, technical details or any tools created for analyzing a piece of malware sample. Additionally, the repo also contains interesting TTPs extracted and recreated from malware samples for security testing.
Embed LCs from different surveys into a latent space such that they are close together. IAIFI hack project.
This is a project that evaluates the security of code generated by LLM.
Torture Prevention Security Systems
Management of Hack for L.A.'s AWS IAM resources
springboot_crud_security
I'm learning pentesting/hacking and this is a place where I document my (newly earned) knowledge.
OWASP Thick Client Application Security Verification Standard
Dive in depth into Node.js
A springboot3 multi module project built with technologies such as Spring Boot, Spring Security, JPA, and JWT.
My 1st project: Java, Spring (Boot, MVC, Security, Data JPA), Hibernate, MySQL, Thymeleaf, Docker
Scout is an extensible open-source tool intended to assist smart contract developers and auditors detect common security issues and deviations from best practices. Scout audit is the core development on which we extend scout for specific blockchains.
Spring Security integration for DynamiaTools projects
The Howard project, named after "The Godfather of Clouds" Luke Howard, orchestrates the Kubernetes-based cloud infrastructure for the Canadian Food Inspection Agency's AI lab, managing applications like Nachet, Finesse, and Louis. It prioritizes robustnes
JavaScriptSecurityCookbook
Proof of concept marching cube editing app made in vulkan
Minty Blog is an overengineered security blog powered by Gitea and DroneCI. It is hosted on microk8s, utilizing a Continuous Integration and Continuous Deployment (CICD) pipeline with DroneCI.
This repository is the demo for the Advanced Topics for Computer and Network Security class, held by prof. Mauro Conti of the University of Padova.
The nova-core repository is the central core of microservices for an application ecosystem, built with Java and Spring Boot. This repository serves as the foundation for various services within the microservices architecture, integrating features such as
Utilities for getting insights from Github Advanced Security
Therac-25 control software implemented in haskell according to the Leveson report.
vuls-data-raw-debian-security-tracker-api
vuls-data-raw-debian-security-tracker-salsa
RevoltEdge is your #1 source for Edgenuity answers. Get 100% Scores on all activities and Skip Videos! Revolt is the Best Edgenuity script & hack / Bot
Crime Prevention Security Systems
Cloud_Security
helper for arduino matrix 8x8 to hack some characters
AWS pipeline library for the Flowpipe cloud scripting engine. Automation and workflows to connect AWS to the people, systems and data that matters.
Gen 1 Fakemon Overhaul hack using pokered-crysaudio as a base
Reputation System for the Ergo Hack VII [page still in work]
Official certificates for audits which have passed our security assessments. Formal audit reports with detailed analysis can be found in the Audit repository.
RingCentral Zoho Desk Twilio Proof of Concepts Integration Test
End-to-end testing framework to run security testing on any web application with selenium tests using OWASP ZAP
This Python script provides a sophisticated botnet detection system that leverages signature-based detection, machine learning algorithms, behavioral analysis, and traffic profiling to identify potential botnet activity in real-time. It also includes adva
A .NET MAUI app for displaying the top posts on Hacker News that demonstrates Firebase Realtime Database
alx-system_engineering-devops
Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessmen
Offensive Security tools containerized
security
A simple C# password manager
Dojo for SCS2081 - Software Security Course at HUST CSE
Helping Ethical Hackers use LLMs in 50 Lines of Code or less..
Security Breach Multiplayer Mod
Coalfire GCP Security Core Terraform Module
A Kubernetes tool leveraging eBPF for advanced Kubernetes security, auto-generating Network Policies, Seccomp Profiles, and more.
🔒 Advanced Android Security Techniques: Root, VPN, Proxy, Emulator Blocking. Strengthen your app's defenses with our comprehensive security features. Protect against vulnerabilities and safeguard user data. Explore our repository for source code and docum
portkey-DID-security
Proofs of concept ⚙
Proof-of-concept GitHub OPS Dashboard, for ChatInterface, ChatJS, and UI-Examples repositories
Open source repo for the new relic Java security agent
AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
Repository for ROM hack
A simple proof-of-concept for a ChatGPT-based Chat Bot that allows questioning the website of HTW Berlin.
Uncomplicated Surveillance System
NetworkSecurity
A symfony chatbot Proof of concept, by using botman lib, ChatGPT-4-turbo model, YoutubeV3 api and other apis.
A collection of bash scripts I've hacked together over time
A slightly sarcastic, highly over-engineered GitHub-as-a-Data-Platform Proof-of-Concept.
CloudFormation to automate the deployment of the required IAM roles for AWS Security Lake
Demos for software supply chain security
Instructure Security Packages
A curated list of tools useful within the field of cyber security, for both blue and red team operations.
Summarizes top stories from Hacker News using a large language model and post them to a Telegram channel.
Proof of concept to parse genes and exons from a GFF3 file
MLighter: The holistic tool for security evaluations of machine learning systems. http://mlighter.freedevelop.org/
Spoof your payloads/codes extensions into safe extensions | FUD
L3MON - Remote Android Management Suite Kali Linux, Ubuntu by EFX Tv
golang and other security tools
Django Security Personnel Face Mask Checker System - Damadtec's Capstone Project (Web Application)
Corpus of Resolutions: UN Security Council (CR-UNSC)
hackable self-hosting
Umbrella Repository Service for TUF
Curates resources to defend against SpringShell/Spring4Shell vulnerabilities.
Language-agnostic SLSA provenance generation for Github Actions
Spring Security
Microcontroller-optimized implementation of EDHOC (RFC 9528) in Rust, with bindings for C and Python.
Use cargo-audit to generate a GitLab Dependency report
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
wolfCrypt and wolfCrypt FIPS provider for OpenSSL
Role/Attribute mandatory access control
SMBScan is a tool to enumerate file shares on an internal network.
Elastio examples, proof-of-concept implementations, and user-contributed scripts to backup and restore All The Things
Hacks, how-to's and other short articles on Dev.O
common services for security and RBAC
End-of-study internship at CEA List/LICIA. It aims to develop and implement a proof-of-concept for a verifiable history mechanism of metadata in Parsec, a cloud-based dropbox.
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
The application dashboard for hackers and mentors.
Web BangMaul
Ngen api with Django
This is a terraform provider for using cf-security-entitlement
IT and security note taking
wolfSSL Intrusion Detection and Prevention System (IDPS)
Various proofs of concept examples using Github Actions 🤖
Interactively find and recover deleted or 👉 overwritten 👈 files from your terminal
A proof of concept to create a custom tile in SharpTools and connect to Spotify using Spotify API and developer's personal app token
Alpine-based Docker image for sqlmap
A Python library and command line interface for CVE Services.
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
draft for Japanese translation of OWASP Application Security Verification Standard
This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile apps, iot, social engineering, etc.
A GitHub action that will automatically approve and merge a PR that only contains dependency updates, based on some rules. Also possible to disable the merge and use the `success` output to use in combination with other actions.
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
A Rate Limiting Extension for Loopback 4 Applications
Website for Rochester Security Summit
Project implementing an application for the Persistence Core chain that all the other chains in the ecosystem connect to as a raised and open moderator for interoperability, shared security, and as a gateway to other ecosystems and chains.
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Tesla Hack All Vehicles DoS Infotainment Touchscreen Interface CVE-2020-10558
Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
PyAMS security management package and authentication policy
Every Apple Platform Security Guide
🌱 Very tiny SPRING Service without Persistence - Also includes a native image build
Check Point CloudGuard Network Security repository containing solution templates, Terraform templates, tools and scripts for deploying and configuring CloudGuard Network Security products.
Attribute Based Access Control for React
HAL – The Hardware Analyzer
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
SIEM Tactics, Techniques, and Procedures
Code Interview Samples, Proof of Concepts
Security-enhanced XML utilities
A sorted and updated list of security wargame sites.
This CSS Grid Learning Environment provides lessons, an in-page code editor, & visual feedback. It was written from scratch as a proof-of-concept using pure JavaScript.
🍬 Code samples from the nanoFramework team used in testing, proof of concepts and other explorational endeavours
Falcon Security Lab
🐘 👥 Manage PostgreSQL roles and privileges from YAML or LDAP
Hacking Thursday main website
secureCodeBox (SCB) - continuous secure delivery out of the box
Provides familiar Spring abstractions for HashiCorp Vault
This is a set of scripts that scan a Linux system looking for security and robustness problems.
Write Linux kernel drivers from scratch and hacking
Repo manifest for the GrapheneOS mobile privacy and security hardening project.
A proof-of-concept cracker for cryptocurrency brainwallets and other low entropy key algorithms.
The best React-based framework with performance, scalability and security built in.
Set of tools to audit SIP based VoIP Systems
Template Haskell hack to violate another module's abstractions
A binary authorization and monitoring system for macOS
wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
CVE-2021-22508 -- A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR we
CVE-2022-44581 -- Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2.
CVE-2022-45070 -- Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce. This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
CVE-2022-45368 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75.
CVE-2022-45374 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4.
CVE-2023-23645 -- Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.
CVE-2023-23700 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion. This issue affects OceanWP: from n/a through 3.4.1.
CVE-2023-23872 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2.
CVE-2023-23888 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through 1.0.107.2.
CVE-2023-23988 -- Missing Authorization vulnerability in Joseph C Dolson My Tickets. This issue affects My Tickets: from n/a through 1.9.11.
CVE-2023-23990 -- Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation. This issue affects Redirection for Contact Form 7: from n/a through 2.7.0.
CVE-2023-24379 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Page Templates: fro
CVE-2023-25050 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6.
CVE-2023-25444 -- Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.
CVE-2023-25701 -- Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16.
CVE-2023-26009 -- Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3.
CVE-2023-26526 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1.
CVE-2023-26540 -- Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1.
CVE-2023-32110 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0.
CVE-2023-32129 -- Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9.
CVE-2023-32244 -- Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36.
CVE-2023-32297 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6.
CVE-2023-33310 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59.
CVE-2023-33321 -- Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 2.8.6.
CVE-2023-34186 -- Missing Authorization vulnerability in Imran Sayed Headless CMS. This issue affects Headless CMS: from n/a through 2.0.3.
CVE-2023-35881 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion. This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0.
CVE-2023-37385 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.5.6.
CVE-2023-37389 -- Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation. This issue affects Booking Package: from n/a through 1.5.98.
CVE-2023-37866 -- Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation. This issue affects JetFormBuilder: from n/a through 3.0.8.
CVE-2023-37888 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion. This issue affects Shortcodes and extra features for Phlox theme: from
CVE-2023-37999 -- Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0.
CVE-2023-38399 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion. This issue affects Phlox Portfolio: from n/a through 2.3.1.
CVE-2023-39163 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion. This issue affects Phlox Shop: from n/a through 2.0.0.
CVE-2023-41243 -- Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation. This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
CVE-2023-41665 -- Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0.
CVE-2023-41954 -- Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.
CVE-2023-41955 -- Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
CVE-2023-41956 -- Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4.
CVE-2023-41957 -- Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a through 4.3.4.
CVE-2023-44478 -- Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials. This issue affects Events Rich Snippets for Google: from n/a through 1.8.
CVE-2023-45652 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion. This issue affects Remote Content Shortcode: from n/a through 1.5.
CVE-2023-46145 -- Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through 7.3.5.
CVE-2023-46197 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2023-46205 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Ultimate Addons for WPBakery Page Builder: from n
CVE-2023-46784 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery. This
CVE-2023-47178 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: from n/a through 5.
CVE-2023-47679 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion. This issue affects Qi Addons For Elementor: from n/a through 1.6.3.
CVE-2023-47682 -- Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation. This issue affects WP User Frontend: from n/a through 3.6.5.
CVE-2023-47683 -- Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): fro
CVE-2023-47782 -- Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0.
CVE-2023-47868 -- Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3.
CVE-2023-48319 -- Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 8.6.
CVE-2023-48757 -- Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4.
CVE-2023-49753 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion. This issue affects Adifier System: from n/a before 3.1.4.
CVE-2023-50890 -- Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
CVE-2023-51356 -- Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation. This issue affects ARMember: from n/a through 4.0.10.
CVE-2023-51398 -- Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.
CVE-2023-51401 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35
CVE-2023-51424 -- Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0.
CVE-2023-51476 -- Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0.
CVE-2023-51479 -- Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.
CVE-2023-51481 -- Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
CVE-2023-51483 -- Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1.
CVE-2023-51546 -- Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
CVE-2023-5597 -- A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code.
CVE-2024-21746 -- Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2.
CVE-2024-22120 -- Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time based blind SQL
CVE-2024-22139 -- Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass. This issue affects WordPress Manutenção: from n/a through 1.0.6.
CVE-2024-22145 -- Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation. This issue affects InstaWP Connect: from n/a through 0.1.0.8.
CVE-2024-22157 -- Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15.
CVE-2024-22429 -- Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-23522 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7.
CVE-2024-24715 -- Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0.
CVE-2024-24869 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8.
CVE-2024-24873 -- Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding. This issue affects CP Polls: from n/a through 1.0.71.
CVE-2024-24874 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71.
CVE-2024-24882 -- Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation. This issue affects LMS: from n/a through 1.7.2.
CVE-2024-24934 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls. This issue affects Elementor Website Builder: from n/a through 3.19.0.
CVE-2024-25595 -- Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1.
CVE-2024-25906 -- Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass. This issue affects Comments Like Dislike: from n/a through 1.2.2.
CVE-2024-2697 -- The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip
CVE-2024-2744 -- The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-27954 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0.
CVE-2024-27955 -- Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0.
CVE-2024-27971 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a
CVE-2024-30479 -- Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1.
CVE-2024-30480 -- Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass. This issue affects CGC Maintenance Mode: from n/a through 1.2.
CVE-2024-30509 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal. This issue affects SellKit: from n/a through 1.8.1.
CVE-2024-30522 -- Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass. This issue affects Newsletter: from n/a through 8.2.0.
CVE-2024-30527 -- Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.
CVE-2024-30540 -- Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7.
CVE-2024-30542 -- Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation. This issue affects WholesaleX: from n/a through 1.3.2.
CVE-2024-31232 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1.
CVE-2024-31237 -- Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation. This issue affects s2Member Pro: from n/a through 240315.
CVE-2024-31281 -- Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.1.6.
CVE-2024-31290 -- Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1.
CVE-2024-31295 -- Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.
CVE-2024-31300 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion. This issue affects Easy Social Share Buttons: from n/a through 9.4.
CVE-2024-31341 -- Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass. This issue affects Profile Builder: from n/a through 3.11.2.
CVE-2024-31351 -- Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
CVE-2024-31974 -- The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to d
CVE-2024-32131 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82.
CVE-2024-3231 -- The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
CVE-2024-32507 -- Improper Privilege Management vulnerability in Hamid Alinia – idehweb Login with phone number allows Privilege Escalation. This issue affects Login with phone number: from n/a through 1.7.16.
CVE-2024-32511 -- Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.
CVE-2024-32512 -- Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a through 1.6.20.
CVE-2024-32521 -- Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through 5.5.6.
CVE-2024-32523 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EverPress Mailster allows PHP Local File Inclusion. This issue affects Mailster: from n/a through 4.0.6.
CVE-2024-32680 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code
CVE-2024-32685 -- Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5.
CVE-2024-32692 -- Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.
CVE-2024-32708 -- Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass. This issue affects Maintenance Mode: from n/a through 3.0.1.
CVE-2024-32720 -- Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56.
CVE-2024-32774 -- Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2.
CVE-2024-32786 -- Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass. This issue affects Royal Elementor Addons: from n/a through 1.3.93.
CVE-2024-32790 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection. This issue affects Pricing Table by Supsystic: from n/a through 1.9.12.
CVE-2024-32800 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS. This issue affects Popup More Popups: from n/a through 2.3.1.
CVE-2024-32802 -- Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Better Messages: from n/a through 2.4.32.
CVE-2024-32809 -- Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through 0.2.41.
CVE-2024-32827 -- Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7.
CVE-2024-32830 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8.
CVE-2024-3289 -- When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the d
CVE-2024-3290 -- A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host
CVE-2024-3291 -- When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not s
CVE-2024-3292 -- A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.
CVE-2024-32959 -- Improper Privilege Management vulnerability in Sirv allows Privilege Escalation. This issue affects Sirv: from n/a through 7.2.2.
CVE-2024-32960 -- Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation. This issue affects Booking Ultra Pro: from n/a through 1.1.12.
CVE-2024-33549 -- Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33550 -- Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0.
CVE-2024-33552 -- Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33556 -- Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33567 -- Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
CVE-2024-33569 -- Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation. This issue affects Instant Images: from n/a through 6.1.0.
CVE-2024-33644 -- Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection. This issue affects Customify Site Library: from n/a through 0.0.9.
CVE-2024-33917 -- Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass. This issue affects WTI Like Post: from n/a through 1.4.6.
CVE-2024-34058 -- The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field of an e-mail message).
CVE-2024-34241 -- A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
CVE-2024-34370 -- Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9.
CVE-2024-34434 -- Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.
CVE-2024-34567 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.29.
CVE-2024-34575 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.2.
CVE-2024-34752 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS. This issue affects Landing Page Builder: from n/a through 1.5.1.8.
CVE-2024-34755 -- Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce. This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.
CVE-2024-34756 -- Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot. This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.
CVE-2024-34757 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS. This issue affects Borderless – Widge
CVE-2024-34806 -- Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache. This issue affects Clearfy Cache: from n/a through 2.2.1.
CVE-2024-34807 -- Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard. This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2.
CVE-2024-34809 -- Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21.
CVE-2024-34919 -- An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-34982 -- An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-34997 -- joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().
CVE-2024-35110 -- A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.
CVE-2024-35173 -- Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager. This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through 1.7.3.
CVE-2024-35174 -- Missing Authorization vulnerability in Flothemes Flo Forms. This issue affects Flo Forms: from n/a through 1.0.42.
CVE-2024-35190 -- Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
CVE-2024-3551 -- The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on
CVE-2024-3580 -- The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (
CVE-2024-4214 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bill Minozzi Car Dealer allows Code Injection. This issue affects Car Dealer: from n/a through 4.15.
CVE-2024-4789 -- Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authenticated attackers, with subscriber-level access and above, t
CVE-2024-4998 -- Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4566. Reason: This candidate is a reservation duplicate of CVE-2024-4566. Notes: All CVE users should reference CVE-2024-4566 instead of this candidate. All references an
CVE-2024-5022 -- The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126.
CVE-2024-5042 -- A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and
CVE-2024-5043 -- A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit ha
CVE-2024-5044 -- A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the
CVE-2024-5045 -- A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The att
CVE-2024-5046 -- A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may
CVE-2024-5047 -- A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible
CVE-2024-5048 -- A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be lau
CVE-2024-5049 -- A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted up
CVE-2024-5050 -- A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to in
CVE-2024-5051 -- A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be i
CVE-2024-5052 -- Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.
CVE-2024-5055 -- Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
CVE-2024-5063 -- A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injectio
CVE-2024-5064 -- A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack
CVE-2024-5072 -- Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
CVE-2022-37341 -- Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-37410 -- Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656 -- Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22662 -- Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-27504 -- Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28383 -- Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28402 -- Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-35192 -- Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38417 -- Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-38420 -- Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-38581 -- Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38654 -- Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-39433 -- Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39929 -- Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40070 -- Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40071 -- Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40155 -- Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40536 -- Race condition for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-41082 -- Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-41092 -- Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2023-41234 -- NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-41961 -- Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42433 -- Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42668 -- Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42773 -- Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43487 -- Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43629 -- Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43745 -- Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43748 -- Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43751 -- Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege vi
CVE-2023-45217 -- Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45221 -- Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45315 -- Improper initialization in some Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45320 -- Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45733 -- Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
CVE-2023-45736 -- Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45743 -- Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45845 -- Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-45846 -- Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-46103 -- Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-46689 -- Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-46691 -- Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-46842 -- Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and
CVE-2023-47165 -- Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-47169 -- Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-47210 -- Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-47282 -- Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47717 -- IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.
CVE-2023-47855 -- Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-47859 -- Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-48368 -- Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-48643 -- Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a cli
CVE-2023-48727 -- NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-49614 -- Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.
CVE-2024-1417 -- Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint Password Manager
CVE-2024-20389 -- A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.
CVE-2024-20791 -- Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to exe
CVE-2024-20792 -- Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open
CVE-2024-20793 -- Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this iss
CVE-2024-21772 -- Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21774 -- Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21777 -- Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21788 -- Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21792 -- Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-21809 -- Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21813 -- Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21814 -- Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21818 -- Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21823 -- Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
CVE-2024-21828 -- Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21831 -- Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21835 -- Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21837 -- Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21841 -- Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21843 -- Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21861 -- Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21862 -- Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21864 -- Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
CVE-2024-22015 -- Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-22095 -- Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-22379 -- Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22382 -- Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-22384 -- Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-22390 -- Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.
CVE-2024-22476 -- Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
CVE-2024-23487 -- Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-2358 -- A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifica
CVE-2024-2361 -- A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where
CVE-2024-2366 -- A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises d
CVE-2024-23980 -- Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-24981 -- Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-2619 -- The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-le
CVE-2024-27260 -- IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
CVE-2024-30275 -- Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a
CVE-2024-30281 -- Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitatio
CVE-2024-30287 -- Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitat
CVE-2024-30288 -- Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that
CVE-2024-30289 -- Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that
CVE-2024-30292 -- Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict
CVE-2024-30293 -- Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim
CVE-2024-30294 -- Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim
CVE-2024-30295 -- Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu
CVE-2024-30297 -- Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must o
CVE-2024-30298 -- Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of th
CVE-2024-30307 -- Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m
CVE-2024-30309 -- Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation
CVE-2024-30314 -- Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issu
CVE-2024-31142 -- Because of a logical error in XSA-407 (Branch Type Confusion), the
CVE-2024-31226 -- Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named `C:\Program.exe`, `C:\Program.bat`, or
CVE-2024-3126 -- A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used
CVE-2024-3134 -- The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insuffici
CVE-2024-3403 -- imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit th
CVE-2024-34273 -- njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.
CVE-2024-3435 -- A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in
CVE-2024-34582 -- Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.
CVE-2024-34751 -- Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.
CVE-2024-34760 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS. This issue affects Magazine Blocks: from n/a through 1.3.6.
CVE-2024-34805 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0.
CVE-2024-34808 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.2.0.
CVE-2024-34905 -- FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-34957 -- idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-34958 -- idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35039 -- idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-35176 -- REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem
CVE-2024-35185 -- Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to
CVE-2024-35187 -- Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services ar
CVE-2024-35299 -- In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
CVE-2024-35300 -- In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
CVE-2024-35301 -- In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
CVE-2024-35302 -- In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
CVE-2024-3609 -- The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. Th
CVE-2024-3640 -- An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a t
CVE-2024-3641 -- The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
CVE-2024-3642 -- The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3643 -- The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3644 -- The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2024-3750 -- The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. T
CVE-2024-3848 -- A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to inser
CVE-2024-3851 -- A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript p
CVE-2024-3887 -- The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplie
CVE-2024-4078 -- A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` par
CVE-2024-4181 -- A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval
CVE-2024-4204 -- The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible f
CVE-2024-4222 -- The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthe
CVE-2024-4223 -- The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthentic
CVE-2024-4263 -- A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE request
CVE-2024-4279 -- The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validati
CVE-2024-4288 -- The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and
CVE-2024-4318 -- The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis
CVE-2024-4321 -- A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during th
CVE-2024-4322 -- A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on th
CVE-2024-4326 -- A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by
CVE-2024-4351 -- The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible fo
CVE-2024-4352 -- The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘yea
CVE-2024-4385 -- The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker
CVE-2024-4391 -- The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplie
CVE-2024-4400 -- The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escap
CVE-2024-4478 -- The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'too
CVE-2024-4546 -- The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user su
CVE-2024-4580 -- The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sani
CVE-2024-4603 -- Issue summary: Checking excessively long DSA keys or parameters may be very
CVE-2024-4609 -- A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exp
CVE-2024-4617 -- The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible
CVE-2024-4634 -- The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes i
CVE-2024-4635 -- The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for
CVE-2024-4642 -- A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to
CVE-2024-4733 -- The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker w
CVE-2024-4760 -- A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
CVE-2024-4826 -- SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisati
CVE-2024-4838 -- The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for
CVE-2024-4843 -- ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege.
CVE-2024-4844 -- Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access
CVE-2024-4919 -- A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql
CVE-2024-4920 -- A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attac
CVE-2024-4921 -- A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads
CVE-2024-4922 -- A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remo
CVE-2024-4923 -- A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can b
CVE-2024-4925 -- A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sams/manage_course.php. The manipulation of the argument id
CVE-2024-4926 -- A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /intrams_sams/manage_student.php. The manipulation of the argument id
CVE-2024-4927 -- A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The ma
CVE-2024-4928 -- A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipula
CVE-2024-4929 -- A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site reque
CVE-2024-4930 -- A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to s
CVE-2024-4931 -- A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of
CVE-2024-4932 -- A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument i
CVE-2024-4933 -- A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The man
CVE-2024-4945 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is pos
CVE-2024-4946 -- A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic
CVE-2024-4956 -- Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
CVE-2024-4960 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_uploa
CVE-2024-4961 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload
CVE-2024-4962 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argumen
CVE-2024-4963 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted uplo
CVE-2024-4964 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrest
CVE-2024-4965 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os comm
CVE-2024-4966 -- A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch
CVE-2024-4967 -- A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to
CVE-2024-4968 -- A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site s
CVE-2024-4972 -- A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the atta
CVE-2024-4973 -- A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be ini
CVE-2024-4974 -- A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The manipulation of the argument name leads to cross site scripting. It is possible to laun
CVE-2024-4975 -- A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be in
CVE-2024-4984 -- The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authentica
CVE-2024-4991 -- Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information s
CVE-2024-4992 -- Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored
CVE-2024-4993 -- Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials.
CVE-2024-4999 -- A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MI
CVE-2024-5023 -- Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0.