23 matches found
CVE-2026-34451
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...
Fedora: Security Advisory (FEDORA-2025-58fe871812)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-ec760de8e2)
The remote host is missing an update for the...
Fedora 42 : proxychains-ng (2025-ec760de8e2)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ec760de8e2 advisory. Update to master to fix CVE-2025-34451. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CVE-2025-34451
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...
PT-2025-34451 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526. Description: A cross-site scripting (XSS) issue exists in the valuateJavascript function, potentially allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: Update t...
CVE-2022-34451
creationtimestamp | type | source
---|---|---
2025-03-24 18:22:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8486...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limiting protection mechanism by using multiple X-Forwarded-For headers with different values. Affected software: Ghost, version 5.85.1 and earlier. Root cause: abuse of X-Forwarded-For headers to defeat rate-limiting. ...
CVE-2023-34451
creationtimestamp | type | source
---|---|---
2023-07-03 20:22:39+00:00 | seen | https://t.me/cibsecurity/65870...
CVE-2023-34451
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...
CVE-2023-34451
Summary: CVE-2023-34451 affects CometBFT. The mempool’s two data structures (list and map) can fall out of sync, causing duplicate transactions that cannot be fully removed until a restart. This issue is described across multiple sources (NVD, GHSA, OSV) with concrete steps and impact details. Af...
CVE-2022-34451
PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to...
CVE-2022-34451
PowerPath Management Appliance (Dell) is affected by a Stored Cross‑site Scripting vulnerability. Affects versions 3.3, 3.2*, 3.1, and 3.0*; the issue is exploitable by an authenticated admin user who could hijack user sessions or induce a victim application user to issue arbitrary requests to th...
CVE-2021-34451
Microsoft Office Online Server Spoofing Vulnerability...
CVE-2021-34451
CVE-2021-34451 is a spoofing vulnerability affecting Microsoft Office Online Server. Affected product set includes Office Online Server and related Office components; exploitability is network-based with low complexity and no user interaction required per CVSS metrics (CVSS v3.1: 5.3). Microsoft ...
Security Updates for Microsoft Office Web Apps (July 2021)
The Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by the following vulnerabilities: - Multiple remote code execution vulnerabilities in Microsoft Excel. CVE-2021-34501, CVE-2021-34518 - A spoofing vulnerability in Microsoft Offic...
KLA12220 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, bypass security restrictions, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution...