Amazon Linux 2 : git (ALAS-2025-2737)
The version of git installed on the remote host is prior to 2.47.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2737 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level...
PT-2025-4643 · Unknown · Taskbuilder
Name of the Vulnerable Software and Affected Versions: Taskbuilder versions 3.0.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can pose a significant cybersecurity risk. Recommendations: F...
PT-2025-1702 · WordPress · Nitropack
Name of the Vulnerable Software and Affected Versions: NitroPack plugin for WordPress versions up to, and including, 1.17.0 Description: The issue arises from a missing capability check in the nitropack rml notification function, allowing authenticated attackers with subscriber access or higher t...
PT-2024-36827 · Lgsl · Lgsl
Name of the Vulnerable Software and Affected Versions: LGSL Live Game Server List versions up to and including 6.2.1 Description: The issue is related to a reflected cross-site scripting vulnerability in the Referer HTTP header. This vulnerability allows attackers to inject arbitrary JavaScript...
Amazon Linux 2 : vim (ALAS-2024-2711)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2711 advisory. Vim is an improved version of the Unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in t...
CVE-2024-56330 Session VNC may be accessed by other sessions on the same host in stardust
Stardust is a platform for streaming isolated desktop containers. In this issue, inter-container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, thereby compromising access. The problem has been patched in any Stardust build pa...
CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...
CVE-2024-50184 affecting package kernel for versions less than 5.15.173.1-1
CVE-2024-50184 affecting package kernel for versions less than 5.15.173.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-49886 affecting package kernel for versions less than 5.15.173.1-1
CVE-2024-49886 affecting package kernel for versions less than 5.15.173.1-1. An upgraded version of the package is available that resolves this issue...
PT-2024-16841 · WordPress · Memberlite Shortcodes
Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions up to, and including, 1.3.9 Description: The issue is related to Stored Cross-Site Scripting via the memberlite accordion shortcode due to insufficient input sanitization and output escaping...
PT-2024-35384 · Unknown · Step-Security/Harden-Runner
Name of the Vulnerable Software and Affected Versions: step-security/harden-runner versions prior to v2.10.2 Description: The issue concerns command injection weaknesses via environment variables in step-security/harden-runner. These weaknesses could potentially be exploited under specific...
PT-2024-31722 · Ibm · Ibm Security Soar
Name of the Vulnerable Software and Affected Versions: IBM Security SOAR versions 51.0.1.0 and earlier Description: The issue concerns a weak password recovery mechanism that allows users to recover or change their passwords without knowing the original password. However, the user account must be...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Chamilo LMS CVE-2023-4220 Exploit Overview This script ex...
SUSE CVE-2024-47889
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the blockformat helper in Action Mailer. Carefully crafted text can cause the blockformat helper to...
PT-2024-32837 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.5 Description: A vulnerability in eLabFTW allows an attacker to inject arbitrary HTML tags in the pages "experiments.php" show mode, "database.php" show mode, or "search.php". This is achieved by providing HTML...
Exploit for CVE-2024-2876
CVE-2024-2876 - SQL Injection Vulnerability in Email Subscribe...
CVE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...
CVE-2024-8462
Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...
PT-2024-38749 · Unknown · Demozx Gf Cms
Name of the Vulnerable Software and Affected Versions: demozx gf cms versions 1.0 through 1.0.1 Description: A critical issue has been found in the JWT Authentication component, specifically affecting the init function of the file internal/logic/auth/auth.go. This allows for the manipulation of...
CVE-2024-42468 Path traversal (CometVisu)
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the...