Security Vulnerabilities - CVEs Published In 2024
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-12-09
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that is performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-12-09
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-12-09
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2024-12-09
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-12-09
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2024-12-09
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-12-09
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2024-12-09
A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-12-09
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-12-09

