CVE-2023-31698
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via an SVG file on the site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content; users cannot create their own accounts through self-registration...
PT-2023-23419 · Bludit · Bludit
Name of the Vulnerable Software and Affected Versions: Bludit version 3.14.1 Description: The issue is related to Stored Cross Site Scripting XSS via an SVG file on the site logo. It's noted that the product's security model trusts users to insert arbitrary content, as they cannot create their ow...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...
PT-2025-43103
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc7+ Description The Linux kernel contains a flaw in the s390/crypto component related to ChaCha20. Specifically, the code lacks a check to verify if the necessary vector instructions are available before...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1869)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
Wings vulnerable to escape to host from installation container
Impact: This vulnerability impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify a server's install script or the install script executes code supplied by the user either through environmen...
PT-2023-3141 · Rockwell Automation · Armorstart St
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ArmorStart ST affected versions not specified Description: A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product. This issue could allow a malicious user to view and modify...
CVE-2023-32080
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to...
Command injection
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to...
CVE-2023-32080 Wings vulnerable to escape to host from installation container
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to...
Open-Xchange OX App Suite Information Disclosure Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...
Moderate: autotrace security update
AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer t...
CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...
Wjj Software InnoKB Cross-Site Scripting Vulnerability
Wjj Software InnoKB is a web-based collaborative multi-user knowledge management software tool from Wjj Software. A security vulnerability exists in Wjj Software InnoKB version 2.2.1, which can be exploited by an attacker to cause cross-site scripting via an unspecified request...
GHSA-JMP2-WC4P-WFH2 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Impact: Mutagen command line operations, as well as the log output from mutagen daemon run, are susceptible to control characters that could be provided by remote endpoints. This can cause terminal corruption, either intentional or unintentional, if these characters are present in error messages,...
rubygem-loofah: inefficient regular expression leading to denial of service
An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption...
batik: Untrusted code execution in Apache XML Graphics Batik
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...
batik: Apache XML Graphics Batik vulnerable to code execution via SVG
A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG...
Cairo: Buffer Overflow Vulnerability
Background: Cairo is a 2D vector graphics library with cross-device output support. Description: An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite. Impact: Malicious input to Cairo's image-compositor can result in denial of service of the...
OESA-2023-1259 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...