Lucene search

1460 matches found

Hewlett-Packard
added 2024/10/14 12:00 a.m. · 6 views

Certain HP DesignJet products – Credentials reflection

Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials. Update your printer firmware...

CVSS 7.5 · AI score 6.8 · EPSS 0.00364
Exploits 0
CVE
added 2024/10/07 8:38 p.m. · 83 views

CVE-2024-43364

CVE-2024-43364 affects the Cacti web framework. The vulnerability is a stored XSS due to improper sanitization of the title parameter when saving external links (links.php), with the title stored in the database and reflected in index.php. The issue is addressed in Cacti release 1.2.28 (upgrading...

CVSS 8.2 · AI score 5.8 · EPSS 0.05293
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/10/04 6:15 p.m. · 1 views

CVE-2024-8149

There is a reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low-privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

CVSS 4.6 · AI score 6.1
Exploits 0 · References 1
SUSE CVE
added 2024/10/03 3:51 a.m. · 2 views

SUSE CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

CVSS 6.8 · AI score 7.1 · EPSS 0.00049
Exploits 0 · References 3
OSV
added 2024/10/01 3:15 p.m. · 0 views

UBUNTU-CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

CVSS 6.8 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 5
Positive Technologies
added 2024/10/01 12:00 a.m. · 2 views

PT-2024-10983 · Unknown · Bluetooth Core Specification

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specifications versions 2.1 through 5.3
Description: The issue concerns Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol. It may allow an unauthenticated...

CVSS 6.8 · AI score 6.6 · EPSS 0.00049
Exploits 0 · References 10
Hacker One
added 2024/09/25 9:40 p.m. · 3 views

U.S. Dept Of Defense: XSS Reflected

The web application was vulnerable to reflected cross-site scripting (XSS) attacks. Untrusted data from the URL parameters was included in the application's response without proper sanitization or validation. This allowed an attacker to inject malicious scripts into web pages viewed by other users...

AI score 5.8
Exploits 0
CNNVD
added 2024/09/16 12:00 a.m. · 1 views

Intumit SmartRobot Cross-Site Scripting Vulnerability

Intumit SmartRobot is a web development framework from Intumit, Inc. A cross-site scripting vulnerability exists in Intumit SmartRobot versions prior to v7.1.0 that stems from failure to properly validate a specific page parameter, which could allow an unauthenticated, remote attacker to inject...

CVSS 6.1 · AI score 6.2 · EPSS 0.0018
Exploits 0 · References 3
Packet Storm
added 2024/08/31 12:00 a.m. · 225 views

Chargen Probe Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chargen Probe Utility', 'Description' = %q Chargen is a debugging and measurement tool and a character generator service. A character generator...

AI score 7 · EPSS 0.45804
Exploits 2
CNNVD
added 2024/08/29 12:00 a.m. · 2 views

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform Cross-Site Scripting Vulnerability

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...

CVSS 5.4 · AI score 6.3 · EPSS 0.00399
Exploits 0 · References 4
RedHat Linux
added 2024/08/26 11:05 a.m. · 1 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

CVSS 8.8 · AI score 5.7 · EPSS 0.00882
Exploits 0 · References 4
CNNVD
added 2024/07/15 12:00 a.m. · 1 views

AguardNet Space Management System Cross-Site Scripting Vulnerability

AguardNet Space Management System is a space management system from China-based AguardNet. A cross-site scripting vulnerability exists in AguardNet Space Management System versions prior to 2024-04-09-3302, which stems from not properly filtering user input, allowing a remote attacker with regula...

CVSS 5.4 · AI score 6.1 · EPSS 0.00167
Exploits 0 · References 3
The Hacker News
added 2024/07/05 12:20 p.m. · 22 views

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large...

AI score 7.4
Exploits 0
ATTACKERKB
added 2024/07/04 9:15 a.m. · 0 views

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVSS 6.7 · AI score 6.1 · EPSS 0.00103
Exploits 0 · References 5 · Affected Software 7
NVD
added 2024/07/04 9:15 a.m. · 16 views

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVSS 6.7 · EPSS 0.00103
Exploits 0 · References 4
Vulnrichment
added 2024/07/04 9:02 a.m. · 19 views

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVSS 6.7 · AI score 6.1 · EPSS 0.00103
Exploits 0 · References 3
CVE
added 2024/07/04 9:02 a.m. · 48 views

CVE-2024-1574

CVE-2024-1574 is an Unsafe Reflection vulnerability in the licensing service of ICONICS/Mitsubishi Electric products. Affected: ICONICS GENESIS64 and ICONICS Suite (GENESIS64, Hyper Historian, AnalytiX, MobileHMI) up to version 10.97.2; ICONICS GENESIS32/BizViz lines up to 9.7; MC Works64 all ver...

CVSS 6.7 · AI score 6.1 · EPSS 0.00103
Exploits 0 · References 4
Cvelist
added 2024/07/04 9:02 a.m. · 18 views

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVSS 6.7 · EPSS 0.00103
Exploits 0 · References 3
Positive Technologies
added 2024/07/04 12:00 a.m. · 2 views

PT-2024-8945

Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97 to 10.97.2; Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2; Mitsubishi Electric MC Works64 all versions
Description: The issue is related to the use of externally-controlled input to select classes or...

CVSS 6.7 · AI score 6.9 · EPSS 0.00103
Exploits 0 · References 8
Cvelist
added 2024/07/01 6:17 p.m. · 19 views

CVE-2024-36423 GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...

CVSS 6.1 · EPSS 0.0032
Exploits 1 · References 2