CVE-2024-6417 : SOURCECODESTER SIMPLE ONLINE BIDDING SYSTEM 1.0 AJAX.PHP ID SQL INJECTION

Description A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by

Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions

Description A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz

Description BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the

Description In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection.

Description Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the

Description BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution.

Description An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running

Description D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL.

Description Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the

Description CPython 3.9 and earlier doesn’t disallow configuring an empty list (“[]”) for SSLContext.set_npn_protocols() which is an invalid value for

Description Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability

Description The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a “RetrievalMethod is

Description Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against

Description A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application’s handling of the

Description Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers

Description H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log

Description An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution

Description Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific

Description IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.

Description CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension`

Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile