6680 matches found

Veracode
added 2024/07/22 5:40 a.m. · 13 views

Cross-Site Request Forgery (CSRF)

ProcessWire is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user...

CVSS 4.2 · AI score 6.8 · EPSS 0.00241
Exploits: 1 · References: 2 · Affected Software: 1

Talos
added 2024/07/22 12:0 a.m. · 33 views

Ankitects Anki MPV script injection vulnerability

Talos Vulnerability Report TALOS-2024-1993: Ankitects Anki MPV script injection vulnerability. July 22, 2024. CVE Number: CVE-2024-26020. Summary: An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to an arbitrary...

CVSS 9.6 · AI score 9.5 · EPSS 0.1411
Exploits: 1

OSV
added 2024/07/19 9:31 p.m. · 22 views

GHSA-R9VW-CJF9-XH4X ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 · AI score 5 · EPSS 0.00241
Exploits: 1 · References: 3

Github Security Blog
added 2024/07/19 9:31 p.m. · 15 views

ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 · AI score 7.6 · EPSS 0.00241
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2024/07/19 8:15 p.m. · 31 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 · EPSS 0.00241
Exploits: 1 · References: 1

Cvelist
added 2024/07/19 7:50 p.m. · 17 views

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVSS 8.3 · EPSS 0.00963
Exploits: 0 · References: 2

Vulnrichment
added 2024/07/19 12:0 a.m. · 15 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

AI score 7.6 · EPSS 0.00241
Exploits: 1 · References: 1

Cvelist
added 2024/07/19 12:0 a.m. · 29 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

EPSS 0.00241
Exploits: 1 · References: 1

NVD
added 2024/07/18 5:15 p.m. · 11 views

CVE-2024-5618

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 9.9 · EPSS 0.00434
Exploits: 0 · References: 2

OSV
added 2024/07/18 7:44 a.m. · 12 views

BIT-WORDPRESS-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through 1.4.10...

CVSS 4.3 · AI score 4.5 · EPSS 0.00311
Exploits: 0 · References: 1

OSV
added 2024/07/16 8:15 p.m. · 2 views

CVE-2024-40515

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48cn allows a remote attacker to execute arbitrary code via the Routing functionality...

CVSS 9.8 · AI score 6.2 · EPSS 0.00658
Exploits: 0 · References: 1

NVD
added 2024/07/16 8:15 p.m. · 14 views

CVE-2024-40515

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48cn allows a remote attacker to execute arbitrary code via the Routing functionality...

CVSS 9.8 · EPSS 0.00658
Exploits: 0 · References: 1

OSV
added 2024/07/16 7:15 p.m. · 4 views

CVE-2024-40503

An issue in Tenda AX12 v.16.03.49.18cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling...

CVSS 6.5 · AI score 6 · EPSS 0.00402
Exploits: 1 · References: 1

The Hacker News
added 2024/07/16 4:1 a.m. · 59 views

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...

CVSS 9.8 · AI score 9.7 · EPSS 0.99813
Exploits: 31

Vulnrichment
added 2024/07/16 12:0 a.m. · 16 views

CVE-2024-40516

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality...

AI score 7.9 · EPSS 0.0033
Exploits: 0 · References: 1

Cvelist
added 2024/07/16 12:0 a.m. · 21 views

CVE-2024-40516

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality...

EPSS 0.0033
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 6 views

PT-2024-28892 · Tenda · Tenda Ax2Pro

Name of the Vulnerable Software and Affected Versions: Tenda AX2pro version V16.03.29.48 cn Description: The issue allows a remote attacker to execute arbitrary code via the Routing functionality. Recommendations: For Tenda AX2pro version V16.03.29.48 cn, consider disabling the Routing...

CVSS 9.8 · AI score 9.7 · EPSS 0.00658
Exploits: 0 · References: 5

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-28893 · H3C · H3C Magic Rc3000

Name of the Vulnerable Software and Affected Versions: H3C Magic RC3000 version RC3000V100R009 Description: The issue allows a remote attacker to execute arbitrary code via the Routing functionality. Recommendations: For version RC3000V100R009, consider disabling the Routing functionality until a...

CVSS 8.8 · AI score 8.1 · EPSS 0.0033
Exploits: 0 · References: 4

CVE
added 2024/07/16 12:0 a.m. · 65 views

CVE-2024-40515

CVE-2024-40515 affects SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro (V16.03.29.48_cn). The vulnerability allows remote code execution via the device’s Routing functionality. Multiple connected sources confirm a network-remote compromise with high impact (C/H/I/A). Root cause details are not exh...

CVSS 9.8 · AI score 8.1 · EPSS 0.00658
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/07/16 12:0 a.m. · 53 views

CVE-2024-40516

CVE-2024-40516 affects H3C Magic RC3000 RC3000V100R009. The vulnerability exists in the Routing functionality and enables a remote attacker to execute arbitrary code. Reported severity is CVSS 3.1 base score 8.8 (HIGH) with adjacent attack vector, no privileges, no user interaction required, and ...

CVSS 8.8 · AI score 7.9 · EPSS 0.0033
Exploits: 0 · References: 1