CVE-2024-50573
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services...
CVE-2024-8602
CVE-2024-8602 concerns XXE in XML parsing from PDFs via the default DocumentBuilder settings in taxstatement.jar. Connected data confirms affected software: taxstatement.jar versions 2.2.2 and 2.2.4. Root cause: DocumentBuilder configured to allow external entities, enabling an XML external entit...
CVE-2024-8602 XML External Entity Attack in the Software Library taxstatement.jar
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker...
CVE-2024-6135
BT:Classic: Multiple missing buf length checks...
CVE-2024-7078
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024...
CVE-2024-45447
Access control vulnerability in the camera framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-38157
Azure IoT SDK Remote Code Execution Vulnerability...
USN-6904-1 pymongo vulnerability
It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash...
CVE-2024-38091
Microsoft WS-Discovery Denial of Service Vulnerability...
CVE-2023-37541
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
UBUNTU-CVE-2024-38276
Incorrect CSRF token checks resulted in multiple CSRF risks...
UBUNTU-CVE-2024-34001
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk...
CVE-2024-3979
A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used...
CVE-2024-2659
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function...
CVE-2023-52546
Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52714
Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-20848
Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory...
CVE-2024-0050
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-24701
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...
CVE-2024-25915
Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos. This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2...