DEBIAN-CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

CVE-2024-26020 : The vulnerability affects Ankitects Anki 24.04, where the MPV functionality in flashcards processes user-supplied content and can trigger arbitrary code execution via a crafted flashcard. Multiple connected sources corroborate exploitation potential and assign high/critical impac...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

Cross-Site Request Forgery (CSRF)

ProcessWire is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user...

Ankitects Anki MPV script injection vulnerability

Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...

ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

GHSA-R9VW-CJF9-XH4X ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-5618

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1...

BIT-WORDPRESS-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10...

CVE-2024-40515

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48cn allows a remote attacker to execute arbitrary code via the Routing functionality...

CVE-2024-40515

An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48cn allows a remote attacker to execute arbitrary code via the Routing functionality...

CVE-2024-40503

An issue in Tenda AX12 v.16.03.49.18cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling...