Alireza Gharib Blog

CVE ID : CVE-2025-0195 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/del_product.php. The manipulation of the argument id leads…

CVE ID : CVE-2024-56412 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use…

CVE ID : CVE-2024-56411 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed…

CVE ID : CVE-2024-56410 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0,…

CVE ID : CVE-2024-36613 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. Severity: 0.0 | NA Visit the link for more details,…

CVE ID : CVE-2024-35365 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to…

CVE ID : CVE-2025-21610 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:`…

CVE ID : CVE-2025-21609 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting…