301 matches found
EUVD-2024-18532
Malicious code in bioql PyPI...
GHSA-W2CQ-G8G3-GM83 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
Impact: A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called __proto__ you can override the Object prototype. For example: const parse = require('content-security-policy-parser'); const x = parse("default-src 'self'; __proto__ foobar");...
CVE-2024-27757
flusity CMS through 2.45 allows tools/addonsmodel.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."...
CVE-2024-0937
A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...
Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)
Summary: IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2023-36054. DESCRIPTION: MIT Kerberos 5 aka krb5...
QNAP Systems Video Station SQL Injection Vulnerability
QNAP Systems Video Station is a video management and playback application from QNAP Systems. A SQL injection vulnerability exists in QNAP Systems Video Station version 5.8.1 2024/02/26 and earlier versions, which stems from the inclusion of a SQL injection vulnerability. An attacker could exploit...
NVIDIA GPU Display Driver - February 2024 - Lenovo Support US
No description provided...
Summary of Vulnerabilities, Actors & Attacks: February 2024
...
CISA Known Exploited Vulnerability Catalog February 2024
For the detailed CISA KEV Catalog, download the PDF file. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Fedora 38 : dotnet6.0 (2024-b0e165ded6)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b0e165ded6 advisory. This is the February 2024 security update for .NET 6. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
GHSA-7WXF-R2QV-9XWR
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-29 23:26:27+00:00 | seen | https://t.me/ctinow/197112 |
...
ihsa.ca Cross Site Scripting vulnerability OBB-3862112
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-2001
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-29 15:21:42+00:00 | seen | https://t.me/ctinow/196721 |
| 2024-02-29 15:27:02+00:00 | seen | https://t.me/ctinow/196727 |
...
neist.res.in Cross Site Scripting vulnerability OBB-3861947
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
makupalat.fi Cross Site Scripting vulnerability OBB-3861775
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-51529
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-29 06:36:55+00:00 | seen | https://t.me/ctinow/196216 |
| 2024-02-29 06:41:16+00:00 | seen | https://t.me/ctinow/196223 |
...
CVE-2013-10030
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-29 02:21:28+00:00 | seen | https://t.me/ctinow/196091 |
| 2024-02-29 02:26:15+00:00 | seen | https://t.me/ctinow/196092 |
...
campidron.org Cross Site Scripting vulnerability OBB-3861524
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...