CVE-2021-47043
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe'. If an error occurs after a successful 'of_icc_get' call, it must be undone. Use 'devm_of_icc_get' instead of 'of_icc_get' to avoid the leak. Update the remove...
SUSE: Security Advisory (SUSE-SU-2023:1864-1)
The remote host is missing an update for the...
AZL-35471 CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect `AMQP_VALUE` failed state may cause a double free, which may lead to RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...
CVE-2024-27092 Content spoofing - real Hoppscotch emails
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload (an external link) is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2
Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6; @dfinity/auth-client versions prior to 1.0.1; @dfinity/identity versions prior to 1.0.1. Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...
Weak Password Vulnerability in KingH5Stream of Beijing Asian Control Technology Development Co., Ltd.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech industrial automation and informatization software platform enterprise founded in 1997. A weak password vulnerability exists in KingH5Stream, which can be exploited by attackers to obtain sensitive information...
[SECURITY] Fedora 39 Update: mingw-qt5-qttranslations-5.15.12-1.fc39
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
[SECURITY] Fedora 39 Update: mingw-qt5-qtsvg-5.15.12-1.fc39
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
Fedora: Security Advisory for mingw-qt5-qtxmlpatterns (FEDORA-2024-a8cdce27ac)
The remote host is missing an update for the...
Silicon Labs Ember ZNet Code Issue Vulnerability
Silicon Labs Ember ZNet is a protocol stack software from Silicon Labs, Inc. A code issue vulnerability exists in Silicon Labs Ember ZNet SDK prior to version v7.4.0 that stems from the presence of a NULL pointer dereference, which may cause a system crash...
CVE-2024-26128
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
Cross site scripting
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...
CVE-2024-26128
CVE-2024-26128 applies to baserCMS. A cross-site scripting vulnerability exists in the Content Management feature in versions prior to 5.0.9. The issue is mitigated by upgrading to 5.0.9 or later, which includes the fix. Connected sources also reference fixes in 5.0.10 per later advisories. The v...
CVE-2024-26128 baserCMS Cross-site Scripting vulnerability in Content Management
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...
Command injection
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability...
Cross site scripting
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability...
CVE-2023-51450
Based on the connected sources, CVE-2023-51450 affects baserCMS prior to version 5.0.9, where an OS command injection exists in the site search feature. The root cause is improper handling/filtration of constructed command characters, enabling arbitrary command execution. Public impact statements...