CVE-2024-8567 : ITSOURCECODE PAYROLL MANAGEMENT SYSTEM 1.0 AJAX.PHP ID SQL INJECTION
Description A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects
CVE-2024-8565 : SOURCECODESTERS CLINICS PATIENT MANAGEMENT SYSTEM 2.0 /PRINT_DISEASES.PHP DISEASE/FROM/TO SQL INJECTION
Description A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue
CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the
CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY
Description Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be
What GDPR 2.0 Means For Businesses In 2024?
GDPR 2.0, the forthcoming update to the General Data Protection Regulation, is set to redefine data privacy and security standards
CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING
Description A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index
CVE-2024-6445 : DATAFLOWX TECHNOLOGY DATADIODEX UP TO 3.4.X PATH TRAVERSAL
Description Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.
CVE-2024-34155 : GOOGLE GO UP TO 1.22.6/1.23.0 GO-PARSER PARSE RESOURCE CONSUMPTION
Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic
CVE-2024-40711 : VEEAM BACKUP & REPLICATION UP TO 12.1.2.172 REMOTE CODE EXECUTION
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References
CVE-2024-40865 : APPLE VISIONOS UP TO 1.2 VIRTUAL KEYBOARD PRIVILEGE ESCALATION
Description The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS
CVE-2024-8395 : FLYCASS COCKPIT ACCESS SECURITY SYSTEM/KNOWN CREWMEMBER SQL INJECTION
Description FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside
CVE-2024-38486 : DELL SMARTFABRIC OS10 SOFTWARE UP TO 10.5.5.10/10.5.6.X COMMAND INJECTION
Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used
CVE-2024-8480 : IMAGE OPTIMIZER, RESIZER AND CDN PLUGIN UP TO 7.2.7 ON WORDPRESS SIRV_SAVE_PREVENTED_SIZES AUTHORIZATION
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due
What Is GraphQL API And How To Secure Them?
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data
CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION
Description The improper neutralization of special elements in the parameter “host” in the CGI program of Zyxel NWA1123ACv3 firmware version
CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE
Description The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when
CVE-2024-45623 : D-LINK DAP-2310 1.16RC028 ATP BINARY STACK-BASED OVERFLOW
Description D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in
CVE-2024-45622 : ASIS APLIKASI SISTEM SEKOLAH USING CODELGNITER UP TO 3.2.0 INDEX.PHP USERNAME SQL INJECTION
Description ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
CVE-2024-8380 : SOURCECODESTER CONTACT MANAGER WITH EXPORT TO VCF 1.0 DELETE CONTACT DELETE-ACCOUNT.PHP CONTACT SQL INJECTION
Description A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been rated as critical.
CVE-2024-44947 : LINUX KERNEL UP TO 6.1.106/6.6.47/6.10.6 FUSE FUSE_NOTIFY_STORE INFORMATION DISCLOSURE
Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(),
CVE-2024-45311 : QUINN-RS QUINN UP TO 0.11.6 CONNECTION ID RETRY CONTROL FLOW
Description Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible
CVE-2024-45388 : SPECTOLABS HOVERFLY UP TO 1.10.2 HTTP POST REQUEST /API/V2/SIMULATION INFORMATION DISCLOSURE
Description Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST
CVE-2024-6919 : NAC TELECOMMUNICATION SYSTEMS NACPREMIUM UP TO 01082024 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NAC Telecommunication Systems Inc. NACPremium
CVE-2024-23365 : QUALCOMM SNAPDRAGON AUTO UP TO WSA8845H MINKSOCKET LISTENER THREAD USE AFTER FREE
Description Memory corruption while releasing shared resources in MinkSocket listener thread. References https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html For More Information CVERecord