Day: July 29, 2024

CVE-2024-7164 : SOURCECODESTER SCHOOL FEES PAYMENT SYSTEM 1.0 /AJAX.PHP USERNAME SQL INJECTION

Description A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects

Common Vulnerabilities and Exposures

CVE-2024-7157 : TOTOLINK A3100R 4.1.CU.5050_B20200504 CSTECGI.CGI GETSAVECONFIG HTTP_HOST BUFFER OVERFLOW

Description A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig

Common Vulnerabilities and Exposures

CVE-2024-39304 : CHURCHCRM UP TO 5.9.1 /GETTEXT.PHP EID SQL INJECTION

Description ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated

Common Vulnerabilities and Exposures

CVE-2024-41114 : OPENGEOS STREAMLIT-GEOSPATIAL 1_ EVAL PALETTE INPUT VALIDATION

Description streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430

Common Vulnerabilities and Exposures

CVE-2024-6922 : AUTOMATION ANYWHERE AUTOMATION 360 UP TO 32 WEB API SERVER-SIDE REQUEST FORGERY

Description Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with

Common Vulnerabilities and Exposures

CVE-2024-7062 : NIMBLE COMMANDER UP TO 1.6.0 BUILD 4087 ON MACOS INFO.FILESMANAGER.FILES.PRIVILEGEDIOHELPERV2 AUTHORIZATION

Description Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s