-
CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability
CVE ID : CVE-2025-22145 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in a folder that allows include…
-
CVE-2024-52869 – Teradata SUSE Enterprise Linux Server Elevated Privilege Group Misassignment
CVE ID : CVE-2024-52869 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2…
-
CVE-2024-13190 – ZeroWdd Myblog Xml Injection
CVE ID : CVE-2024-13190 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has…
-
CVE-2025-0194 – GitLab Information Disclosure
CVE ID : CVE-2025-0194 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged…
-
CVE-2024-13189 – ZeroWdd MyBlog Remote File Permission Bypass Vulnerability
CVE ID : CVE-2024-13189 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has…
-
CVE-2025-22140 – WeGIA SQL Injection Vulnerability (Authenticated)
CVE ID : CVE-2025-22140 Published : Jan. 8, 2025, 7:15 p.m. | 2 hours, 28 minutes ago Description : WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability…
-
CVE-2024-54818 – SourceCodester Computer Laboratory Management System Unauthenticated Remote OS Command Injection
CVE ID : CVE-2024-54818 Published : Jan. 8, 2025, 7:15 p.m. | 2 hours, 28 minutes ago Description : SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list. Severity: 8.8 | HIGH
-
CVE-2025-22137 – Pingvin Share File Traversal
CVE ID : CVE-2025-22137 Published : Jan. 8, 2025, 4:15 p.m. | 5 hours, 28 minutes ago Description : Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via…