975 matches found
GHSA-XFJ4-9G7W-F4GH

creationtimestamp | type | source
---|---|---
2025-01-10 17:03:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1165...

GHSA-24M8-VX7P-Q7MF

creationtimestamp | type | source
---|---|---
2025-01-06 06:40:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/150...

GHSA-9G72-VRH2-4XQW

creationtimestamp | type | source
---|---|---
2025-01-05 18:40:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/136...

GHSA-5CHH-WV34-P78R

creationtimestamp | type | source
---|---|---
2025-01-05 01:33:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/64
2025-01-05 01:36:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/86
2025-01-05 01:39:04+00:00 | published-proof-of-concept | ...

CVE-2024-47834

creationtimestamp | type | source
---|---|---
2024-12-17 12:51:51+00:00 | seen | https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/...

CVE-2024-47600

creationtimestamp | type | source
---|---|---
2024-12-17 12:51:51+00:00 | seen | https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/...

FreeBSD : py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1 (71f3e9f0-bafc-11ef-885d-901b0e934d69)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 71f3e9f0-bafc-11ef-885d-901b0e934d69 advisory. element-hq/synapse developers report: The 1.120.1 release fixes multiple security...
GO-2024-3295 Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh
Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh...
CVE-2024-47539

creationtimestamp | type | source
---|---|---
2024-12-11 19:17:17+00:00 | seen | https://infosec.exchange/users/cve/statuses/113635795675032476
2024-12-17 12:51:51+00:00 | seen | https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/...

py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1
element-hq/synapse developers report: The 1.120.1 release fixes multiple security vulnerabilities, some affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild...
Exploit for CVE-2024-49379
Proof of Concept PoC for CVE-2024-49379 This repository con...
GHSA-PJWM-CR36-MWV3 ReDoS in giskard's transformation.py (GHSL-2024-324)
ReDoS in Giskard text perturbation detector A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation...
CVE-2024-52524 ReDoS in Giskard Scan text perturbation
Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential...
CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...
CVE-2024-49756
AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2024-2517)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby read...
CVE-2024-45314
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...
CVE-2024-45314
CVE-2024-45314 affects Flask-AppBuilder: the auth DB login form allows the browser to cache sensitive data. Affected component is the login form; root cause is default cache directives exposing data in shared environments. Version 4.5.1 fixes the issue. If upgrading is not possible, a workaround ...
CVE-2024-45314 Flask-AppBuilder login form allows browser to cache sensitive fields
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...