CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

Cisco IOS XR Software MPLS Pseudowire Interfaces Access Control List Bypass (CSCwf99658)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the access control list ACL processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This...

GO-2023-1866 Silver vulnerable to MitM attack against implants due to a cryptography vulnerability in github.com/bishopfox/sliver

Silver vulnerable to MitM attack against implants due to a cryptography vulnerability in github.com/bishopfox/sliver...

GO-2023-1468 KubePi session fixation attack allows an attacker to hijack a legitimate user session. in github.com/KubeOperator/kubepi

KubePi session fixation attack allows an attacker to hijack a legitimate user session. in github.com/KubeOperator/kubepi...

Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

Dahua Security Multiple Products Improper Input Validation (CVE-2024-39950)

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2024-2136)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a lar...

CVE-2024-43381

CVE-2024-43381 concerns reNgine, an automated reconnaissance framework. The affected software is reNgine versions 2.1.2 and earlier. The root cause is a Stored Cross-Site Scripting (XSS) flaw: when scanning a domain, if the target’s DNS record contains an XSS payload, that payload is fetched and ...

CVE-2024-7347

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service. Mitigation Restrict publishing of audio and video to trusted users only...

WordPress Shield Security 20.0.5 Cross Site Scripting

Exploit Title: CVE-2024-7313 - Reflected XSS to Unauthorised Administrator Account Creation Google Dork: inurl:"/wp-content/plugins/wp-simple-firewall/" Cannot find version numbers from this DORK Date: 16/08/2024 Exploit Author: Tim Lepp Vendor Homepage: https://getshieldsecurity.com/ Software...

CVE-2024-31799

CVE-2024-31799 affects GNCC’s GC2 Indoor Security Camera 1080P. The flaw: an attacker with physical access can read the WiFi passphrase through the UART Debug Port, exposing sensitive network credentials via direct hardware access. The underlying cause is information disclosure via an accessible ...

CVE-2024-41866

Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could crash the application and cause a denial-of-service. Exploitation requires user interaction (victim opens a malicious file). The issue is listed among APSB24-56 and ass...

Denial Of Service (DoS)

Microsoft.AspNetCore.App.Runtime is vulnerable to a Denial of Service DoS vulnerability. The vulnerability is due to a specific condition or action that allows an attacker to disrupt service availability...

Adobe Acrobat Reader 安全漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A security vulnerability exists in Adobe Acrobat Reader. An attacker can exploit the vulnerability to cause elevated privileges...

CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

CVE-2024-7660

SourceCodester File Manager App 1.0 contains a cross‑site scripting vulnerability in the Add File Handler. Manipulating the File Title/Uploaded By parameter can trigger XSS, with remote exploitation and a publicly disclosed exploit. Connected advisories do not specify the exact XSS type (reflecte...

CVE-2024-7382 Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below -...

BIT-DJANGO-2024-41990

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVE-2024-20479

The CVE-2024-20479 entry involves Cisco Identity Services Engine (ISE) with a stored XSS vulnerability in the web-based management interface caused by insufficient input validation. Affected component: the web-based management UI; root cause: improper handling of user-supplied input on specific p...