Alerts

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte...

HkCms

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page...

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into...

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.

Date: November 19, 2024 Revision Date Changes 1.0 November 19, 2024 Initial release The CVE-ID tracking this issue: CVE-2024-7095 CVSSv3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) Common Weakness Enumeration: CWE-401: Missing...

Date: November 19, 2024 Revision Date Changes 1.0 November 19, 2024 Initial release Description The CVE-ID tracking this issue: CVE-2024-5872 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) Common Weakness Enumeration: CWE-346...

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset...

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer...