
317 matches found

Cvelist · added 2024/11/18 8:27 p.m. · 16 views

CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 · EPSS 0.00394
Exploits: 1 · References: 1
OSV · added 2024/11/18 8:27 p.m. · 2 views

CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 · AI score 6.7 · EPSS 0.00394
Exploits: 1 · References: 5
Github Security Blog · added 2024/11/18 8:2 p.m. · 8 views

Graylog concurrent PDF report rendering can leak other users' reports

Impact: The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00394
Exploits: 1 · References: 5 · Affected Software: 1
OSV · added 2024/11/18 8:2 p.m. · 7 views

GHSA-VGGM-3478-VM5M Graylog concurrent PDF report rendering can leak other users' reports

Impact: The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00394
Exploits: 1 · References: 5
OSV · added 2024/11/14 4:15 p.m. · 1 view

CVE-2024-10921

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...

CVSS 8.1 · AI score 7.1
Exploits: 0 · References: 1
NVD · added 2024/10/30 6:15 p.m. · 13 views

CVE-2024-48646

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...

CVSS 8.1 · EPSS 0.00105
Exploits: 2 · References: 1
Positive Technologies · added 2024/10/30 12:0 a.m. · 1 view

PT-2024-33194 · Sas · Sas Studio

Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4. Description: The issue concerns an unrestricted file upload in the /SASStudio/SASStudio/sasexec/sessionID/InternalPath endpoint, allowing a remote attacker to upload malicious files. This is disputed by the vendor as fi...

CVSS 8.8 · AI score 6.7 · EPSS 0.04406
Exploits: 0 · References: 5
OSV · added 2024/10/29 3:32 p.m. · 12 views

GHSA-CM59-8RMV-F2CJ Lollms vulnerable to Cross-site Scripting

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitizesvg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code...

CVSS 6.5 · AI score 7.5 · EPSS 0.01646
Exploits: 1 · References: 5
Github Security Blog · added 2024/10/29 3:32 p.m. · 14 views

Lollms vulnerable to Cross-site Scripting

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitizesvg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code...

CVSS 9 · AI score 6.1 · EPSS 0.01646
Exploits: 1 · References: 5 · Affected Software: 1
NVD · added 2024/10/29 1:15 p.m. · 18 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 · EPSS 0.0024
Exploits: 1 · References: 2
OSV · added 2024/10/29 1:15 p.m. · 8 views

CVE-2024-6581

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitizesvg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code...

CVSS 9 · AI score 6.1
Exploits: 0 · References: 2
Vulnrichment · added 2024/10/29 12:49 p.m. · 15 views

CVE-2024-6581 Remote Code Execution due to Stored XSS in parisneo/lollms

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitizesvg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code...

CVSS 6.5 · AI score 6.3 · EPSS 0.01646
Exploits: 1 · References: 2
Cvelist · added 2024/10/29 12:49 p.m. · 13 views

CVE-2024-6581 Remote Code Execution due to Stored XSS in parisneo/lollms

A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitizesvg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code...

CVSS 6.5 · EPSS 0.01646
Exploits: 1 · References: 2
CVE · added 2024/10/29 12:45 p.m. · 53 views

CVE-2024-7475

CVE-2024-7475 describes an improper access control in lunary-ai/lunary 1.3.2 that lets an attacker update the SAML configuration without authorization. This could enable manipulation of authentication processes, fraudulent login requests, and theft of user information. Multiple connected sources ...

CVSS 9.1 · AI score 9.5 · EPSS 0.0024
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment · added 2024/10/29 12:45 p.m. · 15 views

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 · AI score 7.3 · EPSS 0.0024
Exploits: 1 · References: 2
CNNVD · added 2024/09/10 12:0 a.m. · 1 view

SAP NetWeaver AS security vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A security vulnerability exists in SAP NetWeaver AS that originates from allowing authorized users to access sensitive information...

CVSS 6 · AI score 6.6 · EPSS 0.00036
Exploits: 0 · References: 4
OSV · added 2024/08/22 7:44 p.m. · 21 views

BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 · AI score 8.1 · EPSS 0.45527
Exploits: 1 · References: 5
OSV · added 2024/08/22 7:27 p.m. · 22 views

BIT-KEYDB-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 · AI score 8.1 · EPSS 0.45527
Exploits: 1 · References: 5
OSV · added 2024/08/21 4:3 p.m. · 6 views

GO-2022-1019 lakeFS vulnerable to authenticated users deleting files they are not authorized to delete in github.com/treeverse/lakefs

lakeFS vulnerable to authenticated users deleting files they are not authorized to delete in github.com/treeverse/lakefs...

AI score 6.9
Exploits: 0 · References: 2
NVD · added 2024/07/17 10:15 a.m. · 19 views

CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache...

CVSS 8.8 · EPSS 0.01796
Exploits: 0 · References: 2