(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

The vulnerability of Google Chrome and Microsoft Edge web browsers allows a malicious actor to gain unauthorized access to limited functionality.

The vulnerability of Google Chrome and Microsoft Edge web browsers relates to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to limited functionality...

The vulnerability of the Canvas component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to limited functionality.

The vulnerability of the Canvas component in Google Chrome and Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...

CVE-2024-6366

The CVE concerns the WordPress plugin User Profile Builder (cozmoslabs) prior to version 3.11.8, where improper authorization allows unauthenticated users to upload media files via the async upload feature. Affected: User Profile Builder

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Arbitrary Script Execution

anki is vulnerable to Arbitrary Script Execution. The vulnerability is due to inadequate validation and handling of flashcard content in the MPV functionality, allowing an attacker to send a malicious flashcard that can trigger arbitrary code execution...

CVE-2024-38288

A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...

Malicious code in harthat-chain (npm)

The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...

SUSE CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

Certification Vulnerabilities for Multiple SICAM Products Lacking Critical Functionality

The SICAM 8 power automation platform is a universal, integrated hardware and software-based solution for all applications in the power supply sector.The SICAM A8000 RTUs are modular devices for remote control and automation applications in all areas of energy supply.The SICAM EGS is the gateway ...

NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1956 NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability July 23, 2024 CVE Number CVE-2024-0107 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA GPU Compiler Driver 551.61,...

GHSA-9GQ7-P5W9-W899 Ankitects Anki arbitrary script execution vulnerability

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

DEBIAN-CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-26020

CVE-2024-26020 : The vulnerability affects Ankitects Anki 24.04, where the MPV functionality in flashcards processes user-supplied content and can trigger arbitrary code execution via a crafted flashcard. Multiple connected sources corroborate exploitation potential and assign high/critical impac...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...