CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
CVE-2022-40732
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...
Reolink Multiple IP Cameras OS Command Injection Vulnerability
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...
CVE-2024-9819 IDOR in NextGEO's NG Analyser
Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711...
CVE-2024-9819
CVE-2024-9819 affects NextGeography NG Analyser. Affects NG Analyser prior to version 2.2.711 due to an Authorization Bypass via a user-controlled key, allowing misuse of functionality. Mitigation: upgrade to NG Analyser 2.2.711 or later. The issue is identified with CVSS3.1 metrics (Network atta...
CVE-2024-55496
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of addcompany.php. Actions on the delete parameter result in SQL injection...
CVE-2024-54417 WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PixProof: from n/a through = 2.0.1...
PT-2024-36318 · Unknown · Aphorismus
Name of the Vulnerable Software and Affected Versions: Aphorismus versions 1.2.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
OSV-2024-1372 Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=383595860 Crash type: Bad-cast Crash state: Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess CallbackToLogRedirector Assimp::DefaultLogger::WriteToStreams...
CVE-2023-41133
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0...
CVE-2023-41133 WordPress Secure Admin IP plugin <= 2.0 - IP Spoofing vulnerability
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0...
GO-2024-3205 Infinite loop in github.com/gomarkdown/markdown
Infinite loop in github.com/gomarkdown/markdown...
Important: Red Hat Enhancement Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.0
Errata Advisory for Red Hat OpenShift GitOps v1.15.0. In the upcoming release of Red Hat OpenShift GitOps 1.15, several key components are being upgraded to enhance functionality and performance...
Method Exposure
orchid/platform is vulnerable to Method Exposure. The vulnerability is due to inadequate access control in the asynchronous modal functionality of the Orchid Platform, allows arbitrary methods within the Screen class to be called without proper validation, enabling attackers to exploit the expose...
openSUSE 15 Security Update : cobbler (openSUSE-SU-2024:0382-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0382-1 advisory. Update to 3.3.7: Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname...
SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP4) (SUSE-SU-2024:4276-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4276-1 advisory. This update for the Linux Kernel 5.14.21-1504002497 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use...
December 10, 2024—Hotpatch KB5048800 (OS Build 20348.2908)
December 10, 2024—Hotpatch KB5048800 (OS Build 20348.2908). Improvements and fixes: This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the...