Latest CVE Feed
- 5.4 MEDIUM CVE-2024-11997
  A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the...
  - Published: Nov. 30, 2024
  - Modified: Dec. 04, 2024
- 5.4 MEDIUM CVE-2024-11996
  A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The atta...
  - Published: Nov. 30, 2024
  - Modified: Dec. 04, 2024
- 6.1 MEDIUM CVE-2024-11252
  The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output esc...
  - Affected Products: sassy_social_share
  - Published: Nov. 30, 2024
  - Modified: Jul. 09, 2025
- 8.1 HIGH CVE-2024-43703
  Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW....
  - Affected Products: ddk
  - Published: Nov. 30, 2024
  - Modified: Dec. 01, 2024
- 8.1 HIGH CVE-2024-43702
  Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page....
  - Affected Products: ddk
  - Published: Nov. 30, 2024
  - Modified: Dec. 01, 2024
- 7.5 HIGH CVE-2024-53623
  Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information....
  - Affected Products: archer_c7_firmware
  - Published: Nov. 29, 2024
  - Modified: Dec. 02, 2024
- 4.1 MEDIUM CVE-2024-54159
  stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack....
  - Affected Products:
  - Published: Nov. 29, 2024
  - Modified: Dec. 03, 2024
- 6.1 MEDIUM CVE-2024-11995
  A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The at...
  - Published: Nov. 29, 2024
  - Modified: Dec. 04, 2024
- 9.8 CRITICAL CVE-2024-53507
  A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems....
  - Affected Products: siyuan
  - Published: Nov. 29, 2024
  - Modified: Apr. 14, 2025
- 9.8 CRITICAL CVE-2024-53506
  A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs....
  - Affected Products: siyuan
  - Published: Nov. 29, 2024
  - Modified: Apr. 14, 2025
- 9.8 CRITICAL CVE-2024-53505
  A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent....
  - Affected Products: siyuan
  - Published: Nov. 29, 2024
  - Modified: Apr. 14, 2025
- 9.8 CRITICAL CVE-2024-53504
  A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory....
  - Affected Products: siyuan
  - Published: Nov. 29, 2024
  - Modified: Apr. 14, 2025
- 7.5 HIGH CVE-2024-36612
  Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers....
  - Published: Nov. 29, 2024
  - Modified: Apr. 09, 2025
- 7.5 HIGH CVE-2024-35371
  Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or ot...
  - Affected Products:
  - Published: Nov. 29, 2024
  - Modified: Dec. 02, 2024
- 9.8 CRITICAL CVE-2024-35368
  FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c....
  - Affected Products: ffmpeg
  - Published: Nov. 29, 2024
  - Modified: Jun. 03, 2025
- 9.1 CRITICAL CVE-2024-35367
  FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer...
  - Affected Products: ffmpeg
  - Published: Nov. 29, 2024
  - Modified: Jun. 03, 2025
- 9.1 CRITICAL CVE-2024-35366
  FFmpeg n6.1.1 has an Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration value...
  - Affected Products: ffmpeg
  - Published: Nov. 29, 2024
  - Modified: Jun. 03, 2025
- 5.4 MEDIUM CVE-2024-53983
  The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git co...
  - Published: Nov. 29, 2024
  - Modified: Nov. 29, 2024
- 6.9 MEDIUM CVE-2024-53980
  RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte and optionally spoofed F...
  - Affected Products: riot
  - Published: Nov. 29, 2024
  - Modified: Nov. 29, 2024
- 8.2 HIGH CVE-2024-53979
  ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible modules in the following cases: 1. The 'boot_...
  - Affected Products:
  - Published: Nov. 29, 2024
  - Modified: Nov. 29, 2024