1840 matches found

CVE
added 2024/11/04 12:0 a.m. | 60 views

CVE-2024-34887

CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...

6.8 CVSS | 6.8 AI score | 0.00146 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2024/11/02 12:0 a.m. | 3 views

CBL Mariner 2.0 Security Update: php (CVE-2024-8925)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8925 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form...

5.3 CVSS | 7.1 AI score | 0.01849 EPSS
Exploits 1 | References 2
Talos
added 2024/10/30 12:0 a.m. | 28 views

LevelOne WBR-6012 Web Application buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1997 LevelOne WBR-6012 Web Application buffer overflow vulnerability October 30, 2024 CVE Number CVE-2024-28052 SUMMARY The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while...

7.5 CVSS | 5.6 AI score | 0.00227 EPSS
Exploits 1
F5 Networks
added 2024/10/28 2:55 a.m. | 27 views

K000148279: CUPS vulnerability CVE-2024-47850

Security Advisory Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer bu...

7.5 CVSS | 7.6 AI score | 0.00147 EPSS
Exploits 13
NVD
added 2024/10/08 4:15 a.m. | 18 views

CVE-2024-8925

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...

5.3 CVSS | 0.01849 EPSS
Exploits 1 | References 3
Cvelist
added 2024/10/08 3:35 a.m. | 22 views

CVE-2024-8925 Erroneous parsing of multipart form data

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...

3.1 CVSS | 0.01849 EPSS
Exploits 1 | References 1
AlpineLinux
added 2024/10/08 3:35 a.m. | 14 views

CVE-2024-8925

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...

5.3 CVSS | 6.1 AI score | 0.01849 EPSS
Exploits 1
Debian CVE
added 2024/10/07 8:38 p.m. | 13 views

CVE-2024-43365

Cacti is an open source performance and fault management framework. The consolenewsection parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

8.2 CVSS | 5.2 AI score | 0.05293 EPSS
Exploits 1
Cvelist
added 2024/10/07 8:38 p.m. | 17 views

CVE-2024-43364 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...

5.7 CVSS | 0.05293 EPSS
Exploits 1 | References 1
Cvelist
added 2024/10/07 8:34 p.m. | 21 views

CVE-2024-43362 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php. Moreover, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...

7.3 CVSS | 0.05453 EPSS
Exploits 1 | References 1
Veracode
added 2024/10/07 9:55 a.m. | 5 views

Regular Expression Denial Of Service (ReDoS)

langflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper handling of the remainingtext argument in the HTTP POST Request Handler, allowing an attacker to exploit the inefficient regular expression patterns and cause excessive resource consumption...

6.5 CVSS | 6.7 AI score | 0.0017 EPSS
Exploits 1 | References 7 | Affected Software 1
RedhatCVE
added 2024/10/04 6:55 p.m. | 15 views

CVE-2024-47850

A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. Mitigation See the security bulletin for a detailed...

7.5 CVSS | 6.4 AI score | 0.87593 EPSS
Exploits 14 | References 5
NVD
added 2024/10/04 1:15 p.m. | 18 views

CVE-2024-9513

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...

6.3 CVSS | 0.13615 EPSS
Exploits 3 | References 3
CVE
added 2024/10/04 12:31 p.m. | 77 views

CVE-2024-9513

NetAdmin IAM (Netadmin Software) up to version 3.5 has a vulnerability in the HTTP POST Request Handler at /controller/api/Answer/ReturnUserQuestionsFilled. The issue arises from improper manipulation of the username parameter, causing information exposure via discrepancy. Impact is limited to co...

6.3 CVSS | 4 AI score | 0.13615 EPSS
Exploits 3 | References 3 | Affected Software 1
Cvelist
added 2024/10/04 12:31 p.m. | 22 views

CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...

6.3 CVSS | 0.13615 EPSS
Exploits 3 | References 3
GithubExploit
added 2024/10/03 11:28 a.m. | 659 views

Exploit for CVE-2024-9441

Nortek Linear eMerge E3 Pre-Auth RCE PoC CVE-2024-9441...

9.8 CVSS | 7.9 AI score | 0.67631 EPSS
Exploits 3
Github Security Blog
added 2024/09/27 12:31 p.m. | 15 views

Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

6.5 CVSS | 6.7 AI score | 0.0017 EPSS
Exploits 1 | References 7 | Affected Software 1
OSV
added 2024/09/27 12:31 p.m. | 9 views

GHSA-355V-2RJX-FPX7 Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

5.1 CVSS | 3.9 AI score | 0.0017 EPSS
Exploits 1 | References 7
OSV
added 2024/09/27 11:15 a.m. | 3 views

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

6.5 CVSS | 5 AI score
Exploits 0 | References 4
NVD
added 2024/09/27 11:15 a.m. | 10 views

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

6.5 CVSS | 0.0017 EPSS
Exploits 1 | References 4