CVE-2024-3057 : PURESTORAGE FLASHARRAY UP TO 6.6.5 PRIVILEGES MANAGEMENT
Description A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. References
How To Secure Generative AI Systems Against Emerging Threats
Generative AI, driven by advanced machine learning techniques, is revolutionizing industries by creating text, images, music, and virtual environments. These
CVE-2024-45252 : ELSIGHT HALO PRIOR 11.9.4.0 OS COMMAND INJECTION
Description Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) References https://www.gov.il/en/Departments/faq/cve_advisories For
CVE-2024-47350 : YITH WOOCOMMERCE AJAX SEARCH PLUGIN UP TO 2.8.0 ON WORDPRESS SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search
CVE-2024-9560 : ESAFENET CDG V5 CATELOGS;LOGINDOJOJS DELCATELOGS ID SQL INJECTION
Description A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is
CVE-2024-9550 : D-LINK DIR-605L 2.13B01 BETA /GOFORM/FORMLOGDNSQUERY CURTIME BUFFER OVERFLOW
Description A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function
CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION
Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build
CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION
Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION
Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add
CVE-2024-46366 : WEBKUL KRAYIN CRM 1.3.0 TEMPLATE INJECTION
Description A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template
CVE-2024-6983 : MUDLER LOCALAI UP TO 2.19.3 CONFIGURATION FILE CODE INJECTION
Description mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not
CVE-2024-46847 : LINUX KERNEL UP TO 6.6.50/6.10.9 NEW_VMAP_BLOCK ARRAY INDEX
Description In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to
CVE-2024-6593 : WATCHGUARD AUTHENTICATION GATEWAY UP TO 12.10.2 ON WINDOWS MANAGEMENT COMMAND AUTHORIZATION
Description Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access
CVE-2024-9043 : CELLOPOINT SECURE EMAIL GATEWAY UP TO 4.5.0 PACKETS STACK-BASED OVERFLOW
Description Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets
CVE-2024-9035 : CODE-PROJECTS BLOOD BANK MANAGEMENT SYSTEM 1.0 ADMIN LOGIN /ADMIN/LOGIN.PHP USERNAME/PASSWORD SQL INJECTION
Description A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects
CVE-2024-46983 : SOFASTACK SOFA-HESSIAN UP TO 3.5.4 SOFA HESSIAN PROTOCOL INJECTION
Description sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses
CVE-2024-40125 : CLOSED-LOOP TECHNOLOGY CLESS SERVER 4.5.2 PHP UNRESTRICTED UPLOAD
Description An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to
CVE-2024-45410 : TRAEFIK HTTP HEADER X-FORWARDED LESS TRUSTED SOURCE
Description Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers
CVE-2024-8963 : IVANTI CSA UP TO 4.6 PATCH 518 PATH TRAVERSAL
Description Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2024-9008 : SOURCECODESTER BEST ONLINE NEWS PORTAL 1.0 COMMENT SECTION /NEWS-DETAILS.PHP NAME SQL INJECTION
Description A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code
CVE-2024-46382 : LINLINJAVA LITEMALL 1.8.0 ADMINGOODSCONTROLLER.JAVA GOODSID/GOODSSN/NAME PARAMETERS SQL INJECTION
Description A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId,
CVE-2024-45769 : RED HAT ENTERPRISE LINUX 6/7/8/9 PERFORMANCE CO-PILOT OUT-OF-BOUNDS WRITE
Description A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to
CVE-2024-47089 : APEX SOFTCELL LD GEO API ENDPOINT INTEGRITY CHECK
Description This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in
CVE-2024-46946 : LANGCHAIN_EXPERIMENTAL UP TO 0.3.0 SYMPY.SYMPIFY INPUT VALIDATION
Description langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses