-
CVE-2024-53995 – SickChill Open Redirect Vulnerability
CVE ID : CVE-2024-53995 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint’s `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open…
-
CVE-2024-13190 – ZeroWdd Myblog Xml Injection
CVE ID : CVE-2024-13190 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has…
-
CVE-2025-22143 – WeGIA Web Manager Reflected Cross-Site Scripting
CVE ID : CVE-2025-22143 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability…
-
CVE-2024-13189 – ZeroWdd MyBlog Remote File Permission Bypass Vulnerability
CVE ID : CVE-2024-13189 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has…
-
CVE-2025-22141 – WeGIA Web Manager SQL Injection Vulnerability
CVE ID : CVE-2025-22141 Published : Jan. 8, 2025, 7:15 p.m. | 2 hours, 28 minutes ago Description : WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability…
-
CVE-2025-22140 – WeGIA SQL Injection Vulnerability (Authenticated)
CVE ID : CVE-2025-22140 Published : Jan. 8, 2025, 7:15 p.m. | 2 hours, 28 minutes ago Description : WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability…
-
CVE-2025-0291 – Google Chrome Type Confusion Vulnerability
CVE ID : CVE-2025-0291 Published : Jan. 8, 2025, 7:15 p.m. | 2 hours, 28 minutes ago Description : Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Severity: 8.3 | HIGH Visit the link for…
-
CVE-2024-51442 – Minidlna Command Injection Vulnerability
CVE ID : CVE-2024-51442 Published : Jan. 8, 2025, 6:15 p.m. | 3 hours, 28 minutes ago Description : Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected…
-
CVE-2024-55656 – Redis RedisBloom Probabilistic Data Structures Integer Overflow Information Leak Out-of-Bounds Write
CVE ID : CVE-2024-55656 Published : Jan. 8, 2025, 4:15 p.m. | 5 hours, 28 minutes ago Description : RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the…