urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

Fedora 40 : zabbix (2024-bcdea6e995)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bcdea6e995 advisory. Update to 6.0.36 CVE-2024-42330 rhbz2329219, CVE-2024-42332 rhbz2329222, CVE-2024-42333 rhbz2329225 Tenable has extracted the preceding description...

CVE-2024-11126 Digistar AG-30 Plus Login Page excessive authentication

A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The...

CVE-2024-11126 Digistar AG-30 Plus Login Page excessive authentication

A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The...

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

CVE-2024-10749

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...

CVE-2024-10749 ThinkAdmin Plugs.php script deserialization

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...

Missing Authorization

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Missing Authorization due to improper user verification in the getfile endpoint. This flaw allows unauthorized users to access and retrieve session files by guessing or obtaining valid sessionids,...

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-10141

The CVE-2024-10141 issue affects jsbroks COCO Annotator 0.11.1, specifically the Session Handler component where manipulating the SECRET_KEY causes a predictable state from observable state. It can be initiated remotely, with attack complexity described as high and exploitability as difficult. Mu...

Exploit for Code Injection in Grafana

CVE-2024-9264 Grafana Post-Auth DuckDB SQL Injection RCE...

CVE-2024-10073

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

CVE-2024-10073

flairNLP flair 0.14.0 is affected by a code-injection vulnerability in the ClusteringModel function located in flair/models/clustering.py (Mode File Loader). The issue allows remote code execution and is described as high severity; attack complexity is listed as high and exploitation has been dis...

CVE-2005-10003 mikexstudios Xcomic os command injection

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitabilit...

PT-2024-16009 · Flairnlp · Flairnlp

Name of the Vulnerable Software and Affected Versions: flairNLP flair version 0.14.0 Description: A critical vulnerability was found in the function ClusteringModel of the file flairmodelsclustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to...

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...