
5332 matches found

CVE
added 2024/07/30 12:00 a.m. | 45 views

CVE-2024-41304

The CVE-2024-41304 entry refers to WonderCMS v3.4.3 and reports an arbitrary file upload vulnerability in the uploadFileAction() function. A crafted SVG file can lead to arbitrary code execution on affected installations. Connected sources consistently describe the same issue without detailing ex...

CVSS 5.4 | AI score 7.8 | EPSS 0.00128
Exploits 1 | References 1 | Affected Software 1

CVE
added 2024/07/30 12:00 a.m. | 48 views

CVE-2024-38983

CVE-2024-38983 affects the JavaScript library mini-deep-assign v0.0.8, where the prototype pollution arises from the internal _assign() at /lib/index.js:91. This enables an attacker to execute arbitrary code or cause a Denial of Service (DoS) and other impacts as described in multiple connected s...

CVSS 9.8 | AI score 7.9 | EPSS 0.00158
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2024/07/30 12:00 a.m. | 15 views

CVE-2024-38986

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...

AI score 8.1 | EPSS 0.00249
Exploits 1 | References 1

Cvelist
added 2024/07/29 8:21 p.m. | 16 views

CVE-2023-42959

A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges...

EPSS 0.00085
Exploits 0 | References 1

IBM Security Bulletins
added 2024/07/29 2:30 p.m. | 176 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server

Summary: There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details: CVEID: CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...

CVSS 9.8 | AI score 10 | EPSS 0.93858
Exploits 3 | Affected Software 1

Zero Day Initiative
added 2024/07/29 12:00 a.m. | 5 views

(0Day) VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti...

CVSS 7.8 | AI score 7.2 | EPSS 0.00042
Exploits 0

CVE
added 2024/07/25 12:00 a.m. | 57 views

CVE-2024-40318

CVE-2024-40318 is an arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 that enables remote code execution. The root cause involves bypassing file upload restrictions via crafted uploads, with the Red Hat/NVD OSV entries and PT Security notes corroborating a code-execution outcome. Im...

CVSS 7.2 | AI score 7.8 | EPSS 0.10056
Exploits 1 | References 1 | Affected Software 1

NVD
added 2024/07/22 7:15 p.m. | 15 views

CVE-2024-38944

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...

CVSS 9.8 | EPSS 0.12151
Exploits 2 | References 1

CVE
added 2024/07/22 12:00 a.m. | 50 views

CVE-2024-6963

The CVE-2024-6963 issue affects Tenda O3 version 1.0.0.10, in the formexeCommand function where manipulating the cmdinput parameter causes a stack-based buffer overflow. This can be triggered remotely and an exploit has been disclosed publicly. No patch details are provided in the sources; a prac...

CVSS 9 | AI score 7 | EPSS 0.00779
Exploits 1 | References 4 | Affected Software 1

OSV
added 2024/07/19 9:31 p.m. | 10 views

GHSA-47MC-QMH2-MQJ4 Automad arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin. Usually there is only one admin per site and that is the owner...

CVSS 8.7 | AI score 8.9 | EPSS 0.02671
Exploits 1 | References 4

NVD
added 2024/07/19 8:15 p.m. | 15 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 | EPSS 0.00272
Exploits 1 | References 1

Vulnrichment
added 2024/07/19 12:00 a.m. | 14 views

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...

AI score 8 | EPSS 0.02671
Exploits 1 | References 1

CVE
added 2024/07/19 12:00 a.m. | 42 views

CVE-2024-40400

CVE-2024-40400 is an arbitrary file upload vulnerability in Automad v2.0.0’s image upload function. The underlying issue allows an attacker to upload a crafted file and execute arbitrary code on the server. CVSSv3.1 base metrics indicate network access, low attack complexity, and required privile...

CVSS 8.8 | AI score 7.8 | EPSS 0.02671
Exploits 1 | References 1 | Affected Software 1

IBM Security Bulletins
added 2024/07/17 2:49 p.m. | 61 views

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)

Summary: Vulnerability contained within OpenSSL, a 3rd party component, was addressed in the IBM MaaS360 VPN Module. Vulnerability Details: CVEID: CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

CVSS 7.5 | AI score 7.8 | EPSS 0.00359
Exploits 0 | Affected Software 1

Positive Technologies
added 2024/07/17 12:00 a.m. | 4 views

PT-2024-4846 · Cisco · Cisco Secure Email Gateway

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway, affected versions not specified. Description: A vulnerability in the content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying...

CVSS 10 | AI score 7.6 | EPSS 0.07664
Exploits 0 | References 8

OpenVAS
added 2024/07/16 12:00 a.m. | 16 views

Ubuntu: Security Advisory (USN-6897-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 6.3 | EPSS 0.0215
Exploits 0 | References 2

Cvelist
added 2024/07/16 12:00 a.m. | 17 views

CVE-2024-40516

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality...

EPSS 0.03071
Exploits 0 | References 1

Tenable Nessus
added 2024/07/15 12:00 a.m. | 28 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Ghostscript vulnerabilities (USN-6897-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6897-1 advisory. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue t...

CVSS 8.8 | AI score 6.7 | EPSS 0.0215
Exploits 0 | References 6

NVD
added 2024/07/12 4:15 p.m. | 15 views

CVE-2024-40548

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 | EPSS 0.00318
Exploits 1 | References 1

NVD
added 2024/07/12 4:15 p.m. | 13 views

CVE-2024-40545

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 | EPSS 0.00179
Exploits 1 | References 1