CVE-2024-24769
Vantage6 exposes an MFA reset flow via API that can email users without a limit to the number of emails sent (pre-5.0.0). Root cause: lack of rate limiting on MFA reset email dispatch. Impact is described as very low since MFA reset requires a valid password, but abuse can overwhelm a mailbox and ...
CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset
vantage6 is an open-source infrastructure for privacy-preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someone's mailbox with a l...
vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)
vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...
CVE-2026-24769
creationtimestamp | type | source
---|---|---
2026-01-28 21:55:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdjb7fmhuu2n...
CVE-2025-24769
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through <= 1.7.5...
CVE-2025-24769
CVE-2025-24769: Zenny WordPress Theme
WordPress Zenny Theme <= 1.7.5 is vulnerable to Local File Inclusion
Software: Zenny; Type: Theme; Vulnerable versions: <= 1.7.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-24769; Patch priority: High; CVSS severity: High 8.1; PSID: 2ee43f510f3c; Credits: Phat RiO - BlueRock; Required privilege: Unauthenticate...
CVE-2021-24769
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
CVE-2024-11801
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11801 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11801
Fuji Electric Tellus Lite V-Simulator 5 V8 contains a vulnerability in the V8 file parsing path. The flaw is an out-of-bounds write caused by insufficient validation of user-supplied data, enabling arbitrary code execution in the context of the vulnerable process. Exploitation requires user inter...
Security Bulletin: IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift
Summary: IBM Concert Software uses multiple open source libraries from Cloud Pak Openshift which are susceptible to various security vulnerabilities. Vulnerability Details: CVEID: CVE-2020-12912. DESCRIPTION: AMD Energy Driver for Linux could allow a local attacker to obtain sensitive information,...
Security Bulletin: IBM Storage Ceph is vulnerable to Files or Directories Accessible to External Parties in Grafana (CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109)
Summary: Moby is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109. Vulnerability Details: CVEID: CVE-2022-36109. DESCRIPTION: Moby...
Amazon Linux 2 : containerd (ALASECS-2023-023)
The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-023 advisory. A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process...
Advisory ROSA-SA-2023-2209
software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2022-36109. DESCRIPTION: Moby could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with the supplementary groups are not set up properly. By...
CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)
The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24769 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bu...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-079)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-079 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...