GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization

Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...

PT-2025-20706 · Ооо "Юзергейт" · Usergate Next-Generation Firewall

Уязвимость сервиса HTTP-Proxy программного обеспечения межсетевого экрана UserGate Next-Generation Firewall NGFW существует из-за отсутствия мер по проверке вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, читать произвольные файлы...

Deserialization Of Untrusted Data

Whoogle Search is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper input sanitization due to the handling of crafted search queries in the /models/config.py component...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mdio unvalidated phy address parameter...

The vulnerability of the KWHotel software for hotel management lies in the lack of a mechanism to neutralize elements in the CSV file, allowing a hacker to trigger a service failure.

The vulnerability of the KWHotel hotel management software is related to the lack of mechanisms for neutralizing elements in the CSV file. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

DEBIAN-CVE-2022-49350

In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport init-annotated mdiobusinit EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to a free...

CVE-2024-7988

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten...

CVE-2024-7988 ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten...

CVE-2024-7988 ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten...

CVE-2024-7988

CVE-2024-7988 affects Rockwell Automation ThinManager ThinServer. The vulnerability stems from improper input validation, enabling remote code execution with SYSTEM privileges by uploading or overwriting files. Affected ThinManager ThinServer versions include 11.1.0–11.1.7, 11.2.0–11.2.8, 12.0.0–...

CVE-2024-37177

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

UBUNTU-CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

CVE-2024-2757

In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

GHSA-375G-39JQ-VQ7M Potential buffer overflow in CBOR2 decoder

Summary Ever since https://github.com/agronholm/cbor2/pull/204 or specifically https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 was merged, I can create a reproducible crash when running the snippet under PoC on a current Debian bullseye aarm64 on a Raspberry Pi ...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

JFinal 跨站脚本漏洞

JFinalCMS is a content management system. JFinalCMS version 5.0.0 cross-site scripting vulnerability, the vulnerability stems from the carousel image editing of user-supplied data lack of effective filtering and escaping, the vulnerability can be exploited by an attacker by injecting a...

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a flaw in the handling of certain data inputs. An attacker can cause a denial of service by sending specially crafted data to the application. Details Denial of Service DoS describes a family of attacks, all...

CVE-2023-3769 Vulnerability in Ingeteam's INGEPAC EF

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication,...