Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-29 | CVE-2024-13006 | SQL Injection vulnerability in 1000Projects Human Resource Management System 1.0. A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. | 9.8 |
2024-12-29 | CVE-2024-13004 | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0. A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. | 9.8 |
2024-12-29 | CVE-2024-12238 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. | 6.3 |
2024-12-29 | CVE-2024-13000 | SQL Injection vulnerability in PHPgurukul Small CRM 1.0. A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. | 9.8 |
2024-12-29 | CVE-2024-13001 | SQL Injection vulnerability in PHPgurukul Small CRM 1.0. A vulnerability was found in PHPGurukul Small CRM 1.0. | 9.8 |
2024-12-29 | CVE-2024-12999 | SQL Injection vulnerability in PHPgurukul Small CRM 1.0. A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. | 9.8 |
2024-12-28 | CVE-2024-12998 | Cross-site Scripting vulnerability in Fabianros Online CAR Rental System 1.0. A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. | 6.1 |
2024-12-28 | CVE-2024-56512 | Missing Authorization vulnerability in Apache Nifi. Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. | 5.4 |
2024-12-28 | CVE-2024-56682 | NULL Pointer Dereference vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing. If the APLIC driver is probed before the IMSIC driver, the parent MSI domain will be missing, which causes a NULL pointer dereference in msi_create_device_irq_domain(). Avoid this by deferring probe until the parent MSI domain is available. | 5.5 |
2024-12-28 | CVE-2024-56687 | Improper Locking vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request. There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->complete from usb_gadget_giveback_request (drivers/usb/gadget/udc/core.c:999) usb_gadget_giveback_request from musb_g_giveback (drivers/usb/musb/musb_gadget.c:147) musb_g_giveback from rxstate (drivers/usb/musb/musb_gadget.c:784) rxstate from musb_ep_restart (drivers/usb/musb/musb_gadget.c:1169) musb_ep_restart from musb_ep_restart_resume_work (drivers/usb/musb/musb_gadget.c:1176) musb_ep_restart_resume_work from musb_queue_resume_work (drivers/usb/musb/musb_core.c:2279) musb_queue_resume_work from musb_gadget_queue (drivers/usb/musb/musb_gadget.c:1241) musb_gadget_queue from usb_ep_queue (drivers/usb/gadget/udc/core.c:300) According to the docstring of usb_ep_queue(), this should not happen: "Note that @req's ->complete() callback must never be called from within usb_ep_queue() as that can create deadlock situations." In fact, a hardware lockup might occur in the following sequence: 1. | 5.5 |