Autodesk AutoCAD 安全漏洞

Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CycloneDX cdxgen may execute code contained within build-related files

CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to 1 change user...

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

PT-2024-27874

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.2 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 GA through update 36 Description The workflo...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2024-10079

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...

Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:16) - Unreliable Remote Version Check

Synology Router Manager SRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

jQuery UI 安全漏洞

jQuery UI is a jQuery open source set of carefully curated user interface interactions, effects, widgets and themes built on jQuery. A security vulnerability exists in jQuery UI version v.1.13.1, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to...

VulnCheck KEV: CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVE-2024-4131

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges...

CVE-2024-4130

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges...

CVE-2024-4089

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33581

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33578

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33582

CVE-2024-33582 describes a DLL hijack vulnerability in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. The available connected documents reiterate a local, privilege-escalation scenario but do not provide concrete exploitation details, affected...

CVE-2024-33581

CVE-2024-33581 describes a DLL hijack in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. The vulnerability is local, with low attack complexity and no user interaction required, and results in high impact to confidentiality, in...

CVE-2024-33580

CVE-2024-33580 describes a DLL hijack vulnerability in Lenovo Personal Cloud that could let a local attacker execute code with elevated privileges. Affected product: Lenovo Personal Cloud. Affected component: DLL loading path exploitation ( DLL hijack ). Root cause: DLL hijack leading to remote/l...

CVE-2024-33578

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33578

Technical details for CVE-2024-33578 are not publicly available in the provided documents. Monitor for updates as new information becomes available.