Embedded Web Servers In All Modicon M340, Premium, Quantum PLCs And BMXNOR0200 Security Vulnerabilities

CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...

CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including.....

CVE-2024-38522 CSP bypass in Hush Line

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

CVE-2024-38522 CSP bypass in Hush Line

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

CVE-2024-6403 Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-6402 Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely.....

Exploit for Use After Free in Arm Avalon Gpu Kernel Driver

Exploit for CVE-2022-46395 The write up can be found...

Malicious code in @yu-life/yulife-bdd-framework (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8dfe091de922cc251578223955b74b56ade98fa67b719bcaa584d3403602f992) The OpenSSF Package Analysis project identified '@yu-life/yulife-bdd-framework' @ 0.0.72 (npm) as malicious. It is considered malicious because: ...

Malicious code in @yu-life/react-native-yu-watch (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (461986fa4cbfe6bda33bdb99901a4c0f05e00934b4a3c5b529f1236dba9d4b1b) The OpenSSF Package Analysis project identified '@yu-life/react-native-yu-watch' @ 1.0.1 (npm) as malicious. It is considered malicious because: ...

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

CVE-2024-38521

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...

CVE-2024-38521

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0)...

Exploit for Code Injection in Xwiki

CVE-2024-21650 Mass Exploit -...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

ecnp.eu Cross Site Scripting vulnerability OBB-3939483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...

Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062

Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064

Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

Boundary vulnerable to session hijacking through TLS certificate tampering in github.com/hashicorp/boundary

Boundary vulnerable to session hijacking through TLS certificate tampering in...

Authentication Bypass by Spoofing in github.com/greenpau/caddy-security

Authentication Bypass by Spoofing in...

CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o

CRI-O's pods can break out of resource confinement on cgroupv2 in...

Grafana XSS via adding a link in General feature in github.com/grafana/grafana

Grafana XSS via adding a link in General feature in...

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in...

Grafana XSS in header column rename in github.com/grafana/grafana

Grafana XSS in header column rename in...

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Privilege Escalation in HashiCorp Consul in...

Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

Mattermost leaks details of AD/LDAP groups of a teams in...

User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport

User-provided environment values allow execution on macOS agents in...

Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport

Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in...

runc vulnerable to container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

runc vulnerable to container breakout through process.cwd trickery and leaked fds in...

CubeFS leaks users key in logs in github.com/cubefs/cubefs

CubeFS leaks users key in logs in...

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in...

1Panel set-cookie is missing the Secure keyword in github.com/1Panel-dev/1Panel

1Panel set-cookie is missing the Secure keyword in...

Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd

Etcd Gateway TLS endpoint validation only confirms TCP reachability in...

OpenFGA denial of service in github.com/openfga/openfga

OpenFGA denial of service in...

Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

Grafana XSS via the OpenTSDB datasource in...

Improper Validation of Array Index in github.com/greenpau/caddy-security

Improper Validation of Array Index in...

Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server

Mattermost post fetching without auditing in compliance export in...

Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

Minder trusts client-provided mapping from repo name to upstream ID in...

Open Redirect in github.com/greenpau/caddy-security

Open Redirect in...

APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server

APM Server vulnerable to Insertion of Sensitive Information into Log File in...