Alireza Gharib Blog

CVE ID : CVE-2024-56019 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gavin Rehkemper Inline Footnotes allows Stored XSS.This issue affects Inline Footnotes: from n/a through 2.3.0. Severity: 6.5 | MEDIUM Visit the link for more details, such as…

CVE ID : CVE-2024-13103 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The…

CVE ID : CVE-2024-56829 Published : Jan. 2, 2025, 4:15 a.m. | 6 hours, 16 minutes ago Description : Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. Severity: 10.0 | CRITICAL Visit the link for more…

CVE ID : CVE-2024-25133 Published : Dec. 31, 2024, 3:15 p.m. | 1 day, 19 hours ago Description : A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.…

CVE ID : CVE-2024-56207 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Privilege Escalation.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through 3.4.2. Severity: 8.8 | HIGH…

CVE ID : CVE-2024-56206 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through 3.4.1. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-56204 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Sinking Dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through 1.25. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details,…

CVE ID : CVE-2024-56203 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wayne Audio Player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through 1.0. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details,…

CVE ID : CVE-2024-56066 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-56061 Published : Dec. 31, 2024, 2:15 p.m. | 1 day, 20 hours ago Description : Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline,…