CVE-2024-2843
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged-in admin users delete users via CSRF attacks...
Fixed in ClickHouse v24.5, 2024-08-01
It is possible to redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of...
CVE-2024-41260
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...
NetBird security vulnerability
NetBird is an open source network security platform open sourced by netbirdio. A security vulnerability exists in NetBird version 0.28.4, which stems from a static initialization vector (IV) in the encryption function that allows an attacker to obtain sensitive information...
PT-2024-29338
Name of the Vulnerable Software and Affected Versions: netbird version 0.28.4. Description: The issue concerns a static initialization vector (IV) used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code...
CVE-2024-41950
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 9.4.0, 9.12.0, 9.15.0, 9.16.0, and 9.17.0 of Jira Software Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
AZL-47232 CVE-2024-42230 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec. kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...
CVE-2024-42230
In CVE-2024-42230, the Linux kernel on pseries PowerPC is affected by a scv instruction crash when kexec is used. The root cause is that kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before all CPUs have been shut down, allowing scv instructions to execute af...
CVE-2024-42230 powerpc/pseries: Fix scv instruction crash with kexec
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec. kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an uninitialized wxnumqvectors in the net:txgbe module when using MSI/INTx interrupts, resulting in a...
WonderCMS security vulnerability
WonderCMS is an open source PHP-based content management system CMS from WonderCMS Inc. A security vulnerability exists in WonderCMS version 3.4.3, which stems from an arbitrary file upload vulnerability in the uploadFileAction function, allowing an attacker to execute arbitrary code via a crafte...
PT-2024-5305 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpipam version 1.6. Description: The issue is related to Cross-Site Scripting (XSS) in the phpipam application. Specifically, the "/app/admin/widgets/edit.php" endpoint is vulnerable. This vulnerability can be exploited by a remote attacker to...
streamlit-geospatial code issue vulnerability
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/9? The url variable in VectorDataVisualization.py accepts user input, which is then passed...
SyroTech SY-GPON-1110-WDONT security vulnerability
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a missing security flag in a session cookie associated with the router's web management interface. An attacker could exploit thi...
CVE-2024-6896
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-19015 · Atlassian · Bitbucket
Name of the Vulnerable Software and Affected Versions: Bitbucket Data Center versions 8.0.0 through 8.9.12; Bitbucket Data Center versions 8.19.0 through 8.19.1. Description: The issue is an open redirect vulnerability that allows an unauthenticated attacker to redirect a victim user upon login to...
Telegram security vulnerability
Telegram is an instant messaging mobile application open-sourced by Telegram. A security vulnerability exists in Telegram version 10.14.4 and earlier versions. An attacker exploiting the vulnerability could send a malicious application disguised as a video...
Potential memory exhaustion attack due to sparse slice deserialization
...