Github Security Blog
added 2024/08/07 3:30 p.m.

Django vulnerable to a denial-of-service attack

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVSS 7.5, AI score 6.5, EPSS 0.01222
Exploits 0, References 9, Affected software 1
NVD
added 2024/08/07 3:15 p.m.

CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

CVSS 7.5, EPSS 0.0091
Exploits 0, References 4
OSV
added 2024/08/07 3:15 p.m.

CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

CVSS 7.5, AI score 6.5
Exploits 0, References 4
NVD
added 2024/08/06 12:15 p.m.

CVE-2024-33969

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in...

CVSS 9.8, EPSS 0.00175
Exploits 0, References 1
CVE
added 2024/08/06 11:56 a.m.

CVE-2024-33973

CVE-2024-33973 affects PayPal, Credit Card and Debit Card Payment version 1.0 (janobe) and stems from an SQL injection in the /report/attendance_print.php endpoint, via the Attendance and YearLevel parameters. The vulnerability could allow an attacker to retrieve all information stored on the ser...

CVSS 9.8, AI score 9.6, EPSS 0.00175
Exploits 0, References 1, Affected software 5
CVE
added 2024/08/06 11:20 a.m.

CVE-2024-33965

CVE-2024-33965 is a SQL injection in the PayPal, Credit Card and Debit Card Payment system (version 1.0) by janobe, exposed via the /tubigangarden/admin/mod_accomodation/index.php?view parameter. Multiple connected sources corroborate that a specially crafted query can exfiltrate stored data. Pub...

CVSS 9.8, AI score 9.6, EPSS 0.00175
Exploits 0, References 1, Affected software 5
HackRead
added 2024/08/06 10:54 a.m.

Non-Profit Blood Center OneBlood Recovering from Crippling Ransomware Attack

The non-profit blood donation service suffered a ransomware attack last week and has requested urgent and emergency blood…

AI score 7.3
Exploits 0
Github Security Blog
added 2024/08/05 9:29 p.m.

gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

CVSS 8.8, AI score 7.4, EPSS 0.00184
Exploits 1, References 4, Affected software 1
NVD
added 2024/08/05 2:15 p.m.

CVE-2024-7383

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic...

CVSS 7.4, EPSS 0.00302
Exploits 0, References 6
OSV
added 2024/08/05 2:15 p.m.

CVE-2024-7383

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic...

CVSS 7.4, AI score 6.4, EPSS 0.00302
Exploits 0, References 6
CVE
added 2024/08/05 1:19 p.m.

CVE-2024-7409

CVE-2024-7409 affects QEMU’s NBD server. The flaw is caused by improper synchronization during socket closure when a client keeps a socket open as the server goes offline, enabling potential DoS. Connected advisories/feeds indicate multiple vendors have released security updates (e.g., Debian, SU...

CVSS 7.5, AI score 7.2, EPSS 0.01848
Exploits 0, References 15
Vulnrichment
added 2024/08/05 1:19 p.m.

CVE-2024-7383 Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic...

CVSS 7.4, AI score 5.6, EPSS 0.00302
Exploits 0, References 6
Veracode
added 2024/08/05 6:58 a.m.

Improper Certificate Validation

github.com/casdoor/casdoor is vulnerable to Improper Certificate Validation. The vulnerability is due to the usage of the ssh.InsecureIgnoreHostKey method in the file viaSSHDialer.go, which disables host key verification and allows attackers to obtain sensitive information via a man-in-the-middle...

CVSS 7.5, AI score 6.1, EPSS 0.00073
Exploits 0, References 3, Affected software 1
RedhatCVE
added 2024/08/04 4:15 p.m.

CVE-2024-7383

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic...

CVSS 7.4, AI score 6.9, EPSS 0.00302
Exploits 0, References 5
Veracode
added 2024/08/02 8:46 a.m.

Missing Certificate Verification

github.com/gogf/gf is vulnerable to Missing Certificate Verification. The vulnerability is due to the default configuration of the GHTTP client, which skips TLS certificate verification. The vulnerability allows attackers to exploit the gclient component to potentially perform a Man-in-the-Middle...

CVSS 7.1, AI score 7, EPSS 0.0008
Exploits 0, References 3, Affected software 1
Veracode
added 2024/08/02 4:24 a.m.

Man-In-The-Middle Attack

github.com/mickael-kerjean/filestash is vulnerable to Man-In-The-Middle Attack. The vulnerability is due to the usage of ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack...

CVSS 5.3, AI score 6.4, EPSS 0.00079
Exploits 0, References 1, Affected software 1
Cvelist
added 2024/08/01 12:00 a.m.

CVE-2024-41264

An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey method...

EPSS 0.00073
Exploits 0, References 1
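The casdoor and filestash entries above, and CVE-2024-41264, share one root cause: the SSH client is built with ssh.InsecureIgnoreHostKey as its host key callback, so any key the remote end presents is accepted. The Go program below is an added example written for this page, not code from casdoor, filestash or golang.org/x/crypto. It uses only the standard library and shows the check that callback skips: compute the OpenSSH SHA256 fingerprint of the presented key blob and compare it against a pinned known_hosts entry, failing closed for unknown hosts and mismatched keys. The hostname git.example.internal, the known_hosts text and the 32-byte key values are constructed for the example, and the callback signature is simplified from ssh.HostKeyCallback (it takes the raw key blob instead of net.Addr and ssh.PublicKey).

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// sshString encodes b as an SSH wire-format "string": uint32 big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// Ed25519Blob builds the wire-format public key blob for an ssh-ed25519 key,
// i.e. the bytes a server presents during key exchange. The 32-byte value is
// constructed for the example, not derived from a real key pair.
func Ed25519Blob(pub [32]byte) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub[:])...)
}

// Fingerprint returns the OpenSSH SHA256 fingerprint of a key blob, the same
// value `ssh-keygen -lf` prints, so pins can be copied from an operator's output.
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// KnownHosts maps a hostname to the fingerprint of its pinned key.
type KnownHosts map[string]string

// KnownHostsLine renders one known_hosts-style line: `host keytype base64blob`.
func KnownHostsLine(host string, blob []byte) string {
	return host + " ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

// ParseKnownHosts reads known_hosts-style lines; blank lines and # comments are skipped.
func ParseKnownHosts(text string) (KnownHosts, error) {
	kh := KnownHosts{}
	for n, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Fields(line)
		if len(f) != 3 {
			return nil, fmt.Errorf("known_hosts line %d: want 3 fields, got %d", n+1, len(f))
		}
		blob, err := base64.StdEncoding.DecodeString(f[2])
		if err != nil {
			return nil, fmt.Errorf("known_hosts line %d: bad key: %w", n+1, err)
		}
		kh[f[0]] = Fingerprint(blob)
	}
	return kh, nil
}

// Verify is the fail-closed callback: unknown hosts and mismatched keys are errors.
func (kh KnownHosts) Verify(hostname string, keyBlob []byte) error {
	want, ok := kh[hostname]
	if !ok {
		return fmt.Errorf("no pinned host key for %q; refusing to connect", hostname)
	}
	if got := Fingerprint(keyBlob); got != want {
		return fmt.Errorf("host key mismatch for %q: got %s, want %s", hostname, got, want)
	}
	return nil
}

// InsecureIgnoreHostKey mirrors the behaviour the advisories describe: every key
// is accepted, so an on-path attacker's key is indistinguishable from the server's.
func InsecureIgnoreHostKey(hostname string, keyBlob []byte) error {
	return nil
}

func main() {
	genuine := Ed25519Blob([32]byte{0x01})
	attacker := Ed25519Blob([32]byte{0x02})
	kh, _ := ParseKnownHosts(KnownHostsLine("git.example.internal", genuine))
	fmt.Println("pinned, genuine key: ", kh.Verify("git.example.internal", genuine))
	fmt.Println("pinned, attacker key:", kh.Verify("git.example.internal", attacker))
	fmt.Println("ignore, attacker key:", InsecureIgnoreHostKey("git.example.internal", attacker))
}
```

In a real golang.org/x/crypto/ssh client the equivalent is an ssh.ClientConfig whose HostKeyCallback comes from knownhosts.New(path) or ssh.FixedHostKey(key); the property that matters is that the callback returns an error for an unknown or changed key instead of nil.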
NVD
added 2024/07/31 10:15 p.m.

CVE-2024-41262

mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack...

CVSS 7.4, EPSS 0.0009
Exploits 0, References 1
Github Security Blog
added 2024/07/31 9:32 p.m.

Filestash configured to skip TLS certificate verification when using the FTPS protocol

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

CVSS 7.5, AI score 7.1, EPSS 0.00054
Exploits 0, References 6, Affected software 1
Github Security Blog
added 2024/07/31 9:32 p.m.

Filestash skips TLS certificate verification process when sending out email verification codes

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...

CVSS 5.9, AI score 6.7, EPSS 0.00158
Exploits 0, References 6, Affected software 1
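The gogf/gf GHTTP client entry and the two filestash entries (the FTPS client and the email verification sender) describe the same Go misconfiguration: a tls.Config with InsecureSkipVerify set, so the client completes the handshake with whatever certificate it is shown. The Go program below is an added example for this page, not code from gogf/gf or filestash. It starts a local httptest TLS server with a self-signed certificate (a constructed stand-in for the remote FTPS, SMTP or API endpoint) and connects three ways: with InsecureSkipVerify, with Go's default verification, and with a RootCAs pool that trusts only that server's certificate. The first and third succeed; the second is rejected because no trusted root signed the certificate, which is exactly the check the vulnerable configurations switch off.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// fetch performs one GET through a client whose TLS behaviour is set by cfg.
func fetch(url string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	_, err = io.Copy(io.Discard, resp.Body)
	return err
}

// Result records how each client configuration fared against a server whose
// certificate is not signed by any trusted root.
type Result struct {
	InsecureAccepted bool // InsecureSkipVerify: connects regardless of the certificate
	StrictRejected   bool // default verification: the handshake fails
	UnknownAuthority bool // ...and the failure is x509.UnknownAuthorityError
	PinnedAccepted   bool // RootCAs limited to the operator's own CA: verifies and connects
}

// RunDemo exercises the weak configuration beside the two that still verify.
func RunDemo() (Result, error) {
	// Constructed stand-in for the remote endpoint: httptest serves a self-signed
	// localhost certificate that no trusted root vouches for, which is how an
	// on-path attacker's forged certificate looks to a verifying client.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()

	var res Result

	// Weak: the setting the advisories describe. Any certificate is accepted.
	res.InsecureAccepted = fetch(srv.URL, &tls.Config{InsecureSkipVerify: true}) == nil

	// Default: chain and hostname are verified against the system roots.
	err := fetch(srv.URL, &tls.Config{MinVersion: tls.VersionTLS12})
	res.StrictRejected = err != nil
	var ua x509.UnknownAuthorityError
	res.UnknownAuthority = errors.As(err, &ua)

	// Corrected: the client trusts exactly the certificate authority the
	// operator controls (here the self-signed leaf itself), so verification
	// still runs and a forged certificate would still be rejected.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	if err := fetch(srv.URL, &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}); err != nil {
		return res, fmt.Errorf("pinned configuration should verify: %w", err)
	}
	res.PinnedAccepted = true
	return res, nil
}

func main() {
	res, err := RunDemo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", res)
}
```

When a self-signed or private-CA endpoint is legitimately required, the third configuration is the fix: ship the CA in RootCAs (or pin with VerifyPeerCertificate), never set InsecureSkipVerify.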