Exploit for CVE-2022-32898
CVE-2022-32898: ANEProgramCreate multiple kernel memory cor...
Lychee Security Vulnerability
Lychee is a beautiful and easy-to-use open-source photo management system from The Lychee Organisation. It is used to manage and share photos. A security vulnerability exists in Lychee version 3.1.6, which stems from a cross-site request forgery (CSRF) vulnerability. The vulnerability can be...
CVE-2024-25808
Cross-site request forgery (CSRF) vulnerability in Lychee version 3.1.6 allows remote attackers to execute arbitrary code via the create new album function...
CVE-2024-1711 Create by Mediavine <= 1.9.4 - Unauthenticated SQL Injection via 'id'
The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-1711
The CVE-2024-1711 vulnerability affects the Create by Mediavine WordPress plugin (versions up to and including 1.9.4). It enables unauthenticated SQL Injection via the id parameter due to insufficient escaping and lack of proper query preparation, allowing an attacker to inject additional SQL and...
PT-2024-18242 · Mediavine · Create By Mediavine Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Create by Mediavine plugin for WordPress versions up to, and including, 1.9.4 Description: The issue allows for SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation ...
PT-2024-15327 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS (affected versions not specified) Description: The VAPIX APIs are vulnerable to file globbing, which could lead to a resource exhaustion attack. The affected API endpoints include "local_list.cgi", "create_overlay.cgi", and...
PT-2024-21596
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A slab-out-of-bounds read can occur in the Linux kernel when the ->NameOffset of smb2_create_req is smaller than the Buffer offset of smb2_create_req. This issue is resolved by setting th...
CLSA-2024-1710436801 Update of bind
Fix pthread barrier initialization in iscnetmgrcreate...
CVE-2023-50726
A flaw was found in the Argo CD package. An improper validation bug allows users who have create privileges but not override privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforce...
CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file...
Argo CD Security Vulnerability
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g., configuration in a Git repository), automatically synchronizing and deploying...
Desdev DedeCMS Security Breach
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. A security vulnerability exists in versions of YourSpotify prior to 1.9.0 that stems from the presence of a cross-site request forgery (CSRF) vulnerability that allows an attacker to retrieve, modify, or delete data, as well as create new use...
PT-2024-22525 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A cross-site scripting (XSS) issue was found in DedeCMS via the create file functionality. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or...
Rocky Linux 8 : postgresql:15 (RLSA-2024:0973)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0973 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer...