AuthKit Next.js Library log information disclosure vulnerability
AuthKit Next.js Library is an open source Next.js AuthKit library for WorkOS. A logging information disclosure vulnerability exists in the AuthKit Next.js Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...
PT-2024-34883
Name of the Vulnerable Software and Affected Versions: AuthKit library for Next.js versions prior to 0.13.2 Description: The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue...
PT-2024-34884 · Authkit +1 · Authkit +1
Name of the Vulnerable Software and Affected Versions: AuthKit library for Remix versions prior to 0.4.1 Description: The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue. Al...
CVE-2024-9799 SourceCodester Profile Registration without Reload Refresh add.php cross site scripting
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument...
CLSA-2024-1727816002 Fix of 60 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6_append_data CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...
CVE-2024-9092
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument fullname leads to cross site...
CVE-2024-9093 SourceCodester Profile Registration without Reload Refresh GET Parameter del.php sql injection
A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. This affects an unknown part of the file del.php of the component GET Parameter Handler. The manipulation of the argument list leads to sql injection. It is possible to initiat...
CVE-2024-9092 SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument fullname leads to cross site...
SourceCodester Profile Registration without Reload Refresh SQL injection vulnerability
SourceCodester Profile Registration without Reload Refresh is a SourceCodester open source application. A SQL injection vulnerability exists in SourceCodester Profile Registration without Reload Refresh version 1.0, which stems from a parameter list in the file del.php of the component GET...
PT-2024-39427 · Unknown · Sourcecodester Profile Registration Without Reload Refresh
Name of the Vulnerable Software and Affected Versions: SourceCodester Profile Registration without Reload Refresh version 1.0 Description: A critical vulnerability has been found in the software, affecting an unknown part of the file del.php of the component GET Parameter Handler. The manipulatio...
SUSE-SU-2024:3183-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346) - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) -...
SUSE-SU-2024:3162-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346) - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) -...
CVE-2024-44821
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha...
ZZCMS security vulnerability
ZZCMS is a content management system (CMS) from the ZZCMS team in China. A security vulnerability exists in ZZCMS version 2023, which stems from the checkyzm function failing to properly refresh the CAPTCHA value after a failed validation attempt...
The vulnerability of the DRM/VRR component in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the drm/vrr component in the Linux operating system’s kernel relates to an attempt by the driver to call the drm core set prop function without proper authorization. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
Digital Library Management System security vulnerability
Digital Library Management System (DLMS) is a digital library management system by the individual developer Kitsada Phoson. A security vulnerability exists in Digital Library Management System version 1.0, which stems from an issue in the JwtRefreshAuth function in...
PT-2024-38924 · Unknown · Kitsada8621 Digital Library Management System
Name of the Vulnerable Software and Affected Versions: kitsada8621 Digital Library Management System version 1.0 Description: A vulnerability was found in the kitsada8621 Digital Library Management System. It has been classified as problematic and affects the function JwtRefreshAuth of the file...
CVE-2024-39809
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-39809
CVE-2024-39809 affects BIG-IP Next Central Manager. The central manager user session refresh token does not expire after logout, enabling a continued session if cookies are obtained. This is a control-plane issue with high impact (no data-plane exposure). F5's advisory lists vulnerable lineage as...