CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54924 |
Description: A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-54923 |
Description: A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-54921 |
Description: A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-54920 |
Description: A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-54919 |
Description: A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-54750 |
Description: Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-53947 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.
This issue affects Apache Superset: <4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.
CVSS: LOW (2.3) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-53450 |
Description: RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-53441 |
Description: An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|
|
CVE-2024-53098 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/xe/ufence: Prefetch ufence addr to catch bogus address
access_ok() only checks for addr overflow so also try to read the addr
to catch invalid addr sent from userspace.
(cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928)
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (7 months ago)
|