CVE-2024-8640 : GITLAB ENTERPRISE EDITION UP TO 17.1.6/17.2.4/17.3.1 CUBE SERVER COMMAND INJECTION

Description An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2

Description Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to

Description CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal,

Description Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:  Product Affected

Description An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft

Description A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco

Description COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt

Description In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd (“nvme:

Description A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises

Description A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability,

Description A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update

Description A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is

Description A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an

Description An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through

Description Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update

Description Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user

Description Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to

Description An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial

Description The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in

Description DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker

Description body-parser is Node.js body parsing middleware. body-parser

Description SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without

Description Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6

Description An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference