CVE-2024-37298 : GORILLA SCHEMA UP TO 1.4.0 SESSION_ID ALLOCATION OF RESOURCES
Description gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running `schema.Decoder.Decode()` on a struct that has
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is
Description The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all
Description FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0.
Description Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A
Description trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the
Description Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job
Description Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.
Description A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization
Description authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2
Description The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES
Description ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack
Description dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed
The smooth and connected digital world is also an arena for cybercriminals who organize account takeover (ATO) attacks. Consider this:
Description The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the
Description iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking
Description Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to
Description A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an
Description A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by
In today’s digital environment, discussions about SaaS data backups often revolve around three important questions. How can we protect data
Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions
Description A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz
Description BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the
Description In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection.