PT-2024-41021 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates (affected versions not specified). Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate...
Directory Traversal
contao/core-bundle is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation or restriction of file paths in the FileSelector widget, allowing authenticated users to access directories outside the intended document root...
CVE-2022-25775
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems...
CVE-2024-46732

creationtimestamp | type | source
---|---|---
2024-09-18 10:01:19+00:00 | seen | https://t.me/cvedetector/5907
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

Could not open websocket connection please try by login again /nsconfig/sshd_config.
After upgrade to 13.1 53.17, the customer is not able to perform several actions in the NetScaler, including generating the support bundle from the GUI or connecting to the CLI through the GUI. Error: Could not open websocket connection. Please try by login again...
CVE-2024-45398 Remote command execution through file upload in contao/core-bundle
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Summary: We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements, e.g., an img tag with an unsanitized name...
CVE-2024-29779

creationtimestamp | type | source
---|---|---
2024-09-13 23:49:30+00:00 | seen | https://t.me/cvedetector/5657
2024-11-07 17:04:54+00:00 | seen | https://vulnerability.circl.lu/bundle/aaa30339-107b-4cb3-8a1a-3e5d8398b429...

K000141041: GnuTLS vulnerabilities CVE-2024-28834 and CVE-2024-28835
Security Advisory Description. CVE-2024-28834: A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag...
CVE-2024-45592
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because %source_label% in twig macro is not escaped. Therefore script...
CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling JavaScript injection. This is possible because %source_label% in twig macro is not escaped. Therefore script...
auditor-bundle cross-site scripting vulnerability
auditor-bundle is a tool by individual developer Damien Harper. A cross-site scripting vulnerability exists in auditor-bundle versions prior to 6.0.0, which stems from an unescaped entity attribute that enables JavaScript injection...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.423)
The version of AHV installed on the remote host is prior to 20220304.423. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.423 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...
SUSE CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...
CVE-2024-44957

creationtimestamp | type | source
---|---|---
2024-09-04 21:56:27+00:00 | seen | https://t.me/cvedetector/4847
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Impact: sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...
CVE-2024-45395
Sigstore-go versions before 0.6.1 are vulnerable to an Endless data attack when verifying Sigstore Bundles containing large amounts of verifiable data (signed transparency log entries, RFC 3161 timestamps, attestation subjects). The issue causes high CPU usage and can disrupt verification process...
CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...