Positive Technologies · added 2024/04/01 12:00 a.m. · 6 views

PT-2024-23295 · Unknown · Piccolo Admin

Name of the Vulnerable Software and Affected Versions: Piccolo Admin versions prior to 1.3.2. Description: The issue concerns the Piccolo Admin interface, which allows media file uploads, including SVG files by default. An attacker can upload a malicious SVG file, which, when loaded, can provide...

CVSS 7.7 · AI score 5.8 · EPSS 0.00493
Exploits 0 · References 9
OSV · added 2024/03/29 4:36 p.m. · 16 views

GHSA-39FP-MQMM-GXJ6 CodeIgniter4 DoS Vulnerability

Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later; see the upgrading guide. Workarounds: Disabling Auto Routing prevents a known...

CVSS 7.5 · AI score 7.3 · EPSS 0.00773
Exploits 0 · References 4
Kitploit · added 2024/03/28 11:30 a.m. · 19 views

Rrgen - A Header Only C++ Library For Storing Safe, Randomly Generated Data Into Modern Containers

This library was developed to combat insecure methods of storing random data into modern C++ containers, for example old and clunky PRNGs. Thus, rrgen uses the STL's distribution engines in order to efficiently and safely store a random number distribution into a given C++ container. Installation 1...

AI score 7.2
Exploits 0 · References 1
OSV · added 2024/03/27 7:15 p.m. · 6 views

AZL-37146 CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

CVSS 3.3 · AI score 7.1 · EPSS 0.02242
Exploits 3 · References 1
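The util-linux entry above describes two input paths, one filtered and one not. The added example below (not util-linux code) shows the fix pattern as a practitioner would write it: a single control-character neutralizer, in caret notation the way `cat -v` renders it, applied to the message body whether it came from argv or stdin. The sample inputs are constructed; `build_message` is a hypothetical stand-in for wall's message assembly.

```python
# Added example (not util-linux code): neutralize terminal control sequences in a
# wall-style broadcast message no matter which input path the text arrived on.
# The advisory is about stdin being filtered while argv was not; the fix pattern
# is one canonicalization routine applied to every source before it reaches a tty.

import sys
from typing import List, Optional


def neutralize_controls(text: str) -> str:
    """Rewrite control characters in caret notation (as `cat -v` does), keeping only
    newline and tab. Covers C0 controls (incl. ESC 0x1b and BEL 0x07), DEL, and the
    C1 range U+0080..U+009F, which a UTF-8 terminal would otherwise accept as
    8-bit CSI/OSC introducers."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in "\n\t":
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F:
            out.append("^" + chr((cp + 0x40) & 0x7F))    # 0x1b -> "^[", 0x7f -> "^?"
        elif 0x80 <= cp <= 0x9F:
            out.append("M-^" + chr((cp - 0x40) & 0x7F))  # 0x9b -> "M-^["
        else:
            out.append(ch)
    return "".join(out)


def build_message(argv: List[str], stdin_text: Optional[str]) -> str:
    """Message selection mirrors wall(1): command-line words win when present,
    otherwise the body comes from stdin. Both paths go through the same filter,
    which is exactly what the vulnerable version failed to do for argv."""
    body = " ".join(argv) if argv else (stdin_text or "")
    return neutralize_controls(body)


if __name__ == "__main__":
    # Constructed usage: pass the message as arguments, or pipe it on stdin.
    args = sys.argv[1:]
    print(build_message(args, None if args else sys.stdin.read()))
```

The C1 handling matters once the message is decoded as UTF-8: a raw byte 0x9b is not an ESC, so an ESC-only filter would pass it, yet xterm-compatible terminals treat U+009B as CSI.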
NVD · added 2024/03/27 5:15 p.m. · 16 views

CVE-2024-20259

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...

CVSS 8.6 · AI score 8.4 · EPSS 0.00816
Exploits 0 · References 1
CVE · added 2024/03/27 4:53 p.m. · 70 views

CVE-2024-20259

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics contains a DoS vulnerability: unauthenticated, remote attackers can trigger a device reload by sending crafted IPv4 DHCP requests, due to mishandling of requests when endpoint analytics are enabled. Affected feature is DHCP snooping; at...

CVSS 8.6 · AI score 7.1 · EPSS 0.00816
Exploits 0 · References 1 · Affected Software 1
CVE · added 2024/03/27 7:51 a.m. · 277 views

CVE-2024-1023

CVE-2024-1023 affects the Eclipse Vert.x core via a memory leak in Netty FastThreadLocal data structures when the Vert.x HTTP client opens connections to multiple hosts. The vulnerability can enable a memory exhaustion DoS, as the leak can be accelerated with attacker-controlled or knowledge-driv...

CVSS 6.5 · AI score 6.5 · EPSS 0.01639
Exploits 0 · References 12
Cvelist · added 2024/03/27 7:51 a.m. · 35 views

CVE-2024-1023 io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vert.x

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...

CVSS 6.5 · AI score 6.5 · EPSS 0.01639
Exploits 0 · References 12
Positive Technologies · added 2024/03/27 12:00 a.m. · 3 views

PT-2024-3270 · Oracle +1 · Virtualbox +1

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16. Description: The issue is related to improper privilege management in the Oracle VM VirtualBox product, allowing a low-privileged attacker with logon access to the infrastructure to compromise...

CVSS 7.8 · AI score 7.2 · EPSS 0.004
Exploits 0 · References 20
Positive Technologies · added 2024/03/26 12:00 a.m. · 6 views

PT-2024-23072 · 10Web +1 · Photo Gallery

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The image upload component is affected by an issue where it allows SVG files, and the regular expression used to remove script tags can be bypassed. Thi...

CVSS 5.4 · AI score 6.5 · EPSS 0.00431
Exploits 1 · References 6
OSV · added 2024/03/25 2:15 p.m. · 4 views

CVE-2024-28434

The CRM platform Twenty is vulnerable to stored cross-site scripting (XSS) via file upload in version 0.3.0. A crafted SVG file can trigger the execution of JavaScript code...

CVSS 7.6 · AI score 6.6 · EPSS 0.00674
Exploits 1 · References 2
CNNVD · added 2024/03/25 12:00 a.m. · 3 views

Twenty security vulnerability

Twenty is a CRM platform open-sourced by Twenty. A security vulnerability exists in Twenty version 0.3.0. An attacker can exploit this vulnerability to trigger JavaScript code execution via a specially crafted SVG file...

CVSS 7.6 · AI score 7.4 · EPSS 0.00674
Exploits 1 · References 3
OSV · added 2024/03/22 4:15 a.m. · 3 views

CVE-2024-29273

There is stored cross-site scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

CVSS 6.1 · AI score 5.8 · EPSS 0.00366
Exploits 1 · References 1
BDU FSTEC · added 2024/03/22 12:00 a.m. · 3 views

A vulnerability in Intel microcode (microprogramming software), related to the leakage of information from vector registers, allows attackers to gain access to protected information.

The vulnerability in Intel microcode (microprogramming software) is related to the leakage of information from vector registers. Exploiting this vulnerability can allow an attacker to gain access to protected information...

CVSS 6.5 · AI score 6.5 · EPSS 0.00546
Exploits 0 · References 22 · Affected Software 20
The Hacker News · added 2024/03/21 2:26 p.m. · 22 views

Over 800 npm Packages Found with Discrepancies, 18 Exploit 'Manifest Confusion'

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by...

AI score 7.2
Exploits 0
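Manifest confusion, as the entry above describes it, is a mismatch between the manifest the registry reports for a version and the package.json that actually ships inside that version's tarball. The added example below (not JFrog's or npm's tooling) performs that comparison on an in-memory tarball laid out the way npm publishes one (files under `package/`). The registry document, the package name and the hidden dependency are constructed for the demonstration.

```python
# Added example (not JFrog's or npm's tooling): detect "manifest confusion" by
# comparing the manifest a registry reports for a version with the package.json
# actually shipped inside that version's tarball. Registry doc and tarball are
# constructed inline so this runs offline; package and dependency names are made up.

import io
import json
import tarfile

# The fields an installer acts on; a divergence in any of them is worth a finding.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts")


def build_npm_tarball(package_json: dict) -> bytes:
    """Build an in-memory .tgz laid out like an npm publish (files under `package/`)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = json.dumps(package_json).encode()
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_tarball_manifest(tarball: bytes) -> dict:
    """Return the package.json embedded in the tarball, i.e. the manifest that
    `npm install` really uses for lifecycle scripts and dependency resolution."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        member = tar.getmember("package/package.json")
        with tar.extractfile(member) as fh:
            return json.load(fh)


def manifest_discrepancies(registry_manifest: dict, tarball: bytes) -> dict:
    """Fields whose registry value differs from the tarball value.
    Maps field -> (registry_value, tarball_value); an empty dict means they agree."""
    shipped = read_tarball_manifest(tarball)
    diffs = {}
    for field in CHECKED_FIELDS:
        reg, tar = registry_manifest.get(field), shipped.get(field)
        if reg != tar:
            diffs[field] = (reg, tar)
    return diffs


# Constructed scenario: what the registry shows to reviewers and scanners ...
REGISTRY_MANIFEST = {
    "name": "example-widget",
    "version": "1.2.3",
    "dependencies": {},
    "scripts": {"test": "node test.js"},
}
# ... versus what is inside the uploaded tarball (extra dependency + install hook).
SHIPPED_PACKAGE_JSON = {
    "name": "example-widget",
    "version": "1.2.3",
    "dependencies": {"example-hidden-dep": "^1.0.0"},
    "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
}

if __name__ == "__main__":
    tarball = build_npm_tarball(SHIPPED_PACKAGE_JSON)
    for field, (reg, tar) in manifest_discrepancies(REGISTRY_MANIFEST, tarball).items():
        print(f"{field}: registry={reg!r} tarball={tar!r}")
```

Against a real registry the same function takes the `versions[v]` object from the packument and the bytes of the `dist.tarball` download; only `dependencies` and `scripts` are usually worth alerting on, since `name` and `version` mismatches are rare and obvious.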
CVE · added 2024/03/20 12:00 a.m. · 66 views

CVE-2024-24050

CVE-2024-24050 affects Sourcecodester Workout Journal App 1.0. The vulnerability is cross-site scripting (XSS) via the firstname and lastname parameters in /add-user.php, allowing arbitrary script execution in a victim's browser. Documented by multiple sources (NVD, Red Hat, CVE List,...

CVSS 4.7 · AI score 6.1 · EPSS 0.00443
Exploits 4 · References 1 · Affected Software 1
Tenable Nessus · added 2024/03/20 12:00 a.m. · 31 views

Debian dsa-5642 : php-dompdf-svg-lib - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. Debian Security Advisory DSA-5642-1...

CVSS 9.8 · AI score 7.8 · EPSS 0.23903
Exploits 2 · References 8
RedHat Linux · added 2024/03/19 6:12 p.m. · 2 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS 8 · AI score 7.5 · EPSS 0.01465
Exploits 0 · References 4
OSV · added 2024/03/19 5:15 a.m. · 1 views

UBUNTU-CVE-2024-22025

A vulnerability in Node.js has been identified, allowing for a denial of service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...

CVSS 6.5 · AI score 6.8 · EPSS 0.01309
Exploits 0 · References 5
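The Node.js entry above is a decompression-bomb case: a transparently decoded body can expand far beyond what the wire size suggests. The added example below (not Node.js or Ubuntu code) shows the defence a client should apply to any untrusted compressed response, which is to inflate incrementally against an output budget and abort the moment it is exceeded. Python's standard library has no Brotli decoder, so zlib (gzip/deflate framing) stands in for it; the loop shape is the same for any streaming decoder. The bomb is constructed in the block.

```python
# Added example, not Node.js or Ubuntu code. fetch() transparently decodes a
# compressed body, so a tiny response can expand into a huge allocation. The
# defence is to decompress incrementally against an output budget. Python's stdlib
# has no Brotli decoder, so zlib (gzip/deflate) stands in; the same loop shape
# applies to any streaming decoder.

import zlib


class DecompressionLimitExceeded(Exception):
    pass


def bounded_decompress(data: bytes, limit: int, chunk_out: int = 64 * 1024) -> bytes:
    """Inflate `data` (zlib or gzip framing, auto-detected) but abort as soon as the
    output exceeds `limit` bytes, without ever materializing the full payload."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # +32: accept gzip or zlib header
    out = bytearray()
    pending = data
    while pending and not d.eof:
        out += d.decompress(pending, chunk_out)         # emit at most chunk_out bytes
        if len(out) > limit:
            raise DecompressionLimitExceeded(f"body exceeded {limit} bytes")
        pending = d.unconsumed_tail                     # input the decoder has not read yet
    out += d.flush()
    if len(out) > limit:
        raise DecompressionLimitExceeded(f"body exceeded {limit} bytes")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return bytes(out)


def fits_budget(data: bytes, limit: int) -> bool:
    """True if the compressed body inflates to at most `limit` bytes."""
    try:
        bounded_decompress(data, limit)
        return True
    except DecompressionLimitExceeded:
        return False


def make_bomb(plain_size: int) -> bytes:
    """Constructed decompression bomb: highly repetitive plaintext compresses ~1000:1."""
    return zlib.compress(b"\x00" * plain_size, 9)


if __name__ == "__main__":
    bomb = make_bomb(10_000_000)
    print(f"{len(bomb)} compressed bytes claim 10 MB of output")
    print("accepted within 1 MB budget:", fits_budget(bomb, 1_000_000))
```

The important detail is `unconsumed_tail`: passing `max_length` makes zlib stop producing output once the chunk is full, so memory use is bounded by `chunk_out` plus the budget, not by whatever the attacker's stream would expand to.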
Patchstack · added 2024/03/19 12:00 a.m. · 9 views

WordPress Scalable Vector Graphics (SVG) Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)

Software: Scalable Vector Graphics (SVG) Type Plugin · Vulnerable versions: <= 3.4 · Fixed in: N/A · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross-Site Scripting (XSS) · CVE: CVE-2023-7085 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 893df7114366 · Credits: Bob Matyas...

CVSS 5.4 · AI score 5.7 · EPSS 0.00371
Exploits 2 · References 2 · Affected Software 1
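Five entries on this page (Piccolo Admin, 10Web Photo Gallery, Twenty, dzzoffice and the WordPress SVG plugin) are the same bug: an upload path accepts SVG, and SVG is an XML document that can carry script. The Photo Gallery entry names the usual failed mitigation, a regular expression that strips script tags. The added example below, which is not code from any of those projects, shows that regex being bypassed by a constructed upload and then a parser-based filter that drops active content by element and attribute. The deny-list and the href allow-list are design choices made here, not something the advisories specify.

```python
# Added example, not code from any of the projects listed above. It shows why the
# "strip <script> tags with a regex" approach fails against an SVG upload, and what
# a parser-based filter looks like. The sample SVG is constructed; the element
# deny-list and the href allow-list are this example's own choices.

import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize SVG as the default namespace
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute or embed active content. `set`/`animate` can rewrite an
# href to javascript: at runtime, so they are dropped too (conservative choice).
DROP_ELEMENTS = {"script", "foreignObject", "iframe", "object", "embed", "set", "animate"}

# Constructed malicious upload: four vectors, only one of them a bare <script> pair.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="alert(document.cookie)">
  <script type="text/javascript">alert(1)</script>
  <a xlink:href="java&#115;cript:alert(2)"><circle cx="50" cy="50" r="40" fill="red"/></a>
  <foreignObject width="100" height="100">
    <body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(3)"/></body>
  </foreignObject>
</svg>"""


def naive_strip_scripts(svg: str) -> str:
    """The bypassable approach: a regex for a literal <script> pair. It misses
    <script type=...>, event-handler attributes, javascript: hrefs (here even
    entity-encoded, which the XML parser decodes later) and foreignObject islands."""
    return re.sub(r"<script>.*?</script>", "", svg, flags=re.I | re.S)


def _local(name: str) -> str:
    return name.rsplit("}", 1)[-1]       # "{namespace}tag" -> "tag"


def _safe_href(value: str) -> bool:
    # Collapse whitespace/control characters first: "java\tscript:" is still a scheme.
    v = re.sub(r"[\x00-\x20]", "", value).lower()
    return v.startswith("#") or v.startswith("http://") or v.startswith("https://")


def sanitize_svg(data: str, max_bytes: int = 1_000_000) -> str:
    """Parse, then rebuild: drop dangerous elements, on* handlers and unsafe hrefs.
    For untrusted uploads in production use defusedxml to also stop entity-expansion
    bombs; the stdlib parser is used here to stay dependency-free."""
    if len(data.encode()) > max_bytes:
        raise ValueError("SVG too large")
    root = ET.fromstring(data)
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for parent in list(root.iter()):                    # snapshot: we mutate the tree
        for child in list(parent):
            if _local(child.tag) in DROP_ELEMENTS:
                parent.remove(child)
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr).lower()                 # handles href and xlink:href alike
            if name.startswith("on"):
                del el.attrib[attr]
            elif name == "href" and not _safe_href(el.attrib[attr]):
                del el.attrib[attr]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("naive regex leaves alert():", "alert" in naive_strip_scripts(MALICIOUS_SVG))
    print(sanitize_svg(MALICIOUS_SVG))
```

Sanitizing is the second line of defence. The first is serving uploads from an origin that carries no session, or with `Content-Disposition: attachment` and a strict Content-Security-Policy, so that even an SVG that slips through cannot read the application's cookies.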