7681 matches found

OSV
added 2024/10/10 11:15 p.m. · 9 views

PYSEC-2024-219

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 9.1 · AI score 9.1 · EPSS 0.00172
Exploits: 0 · References: 1
CVE
added 2024/10/10 10:14 p.m. · 80 views

CVE-2024-47871

CVE-2024-47871 affects Gradio, an open-source Python package for quick prototyping. The flaw is insecure communication between the FRP client and server when share=True is enabled, with no enforced HTTPS. This allows an attacker to intercept files uploaded to the Gradio server and modify response...

CVSS 9.1 · AI score 9.1 · EPSS 0.00172
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/10/10 10:14 p.m. · 19 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 8.2 · EPSS 0.00172
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/10 10:14 p.m. · 17 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 8.2 · AI score 6.6 · EPSS 0.00172
Exploits: 0 · References: 1
OSV
added 2024/10/10 10:14 p.m. · 9 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 8.2 · AI score 6.4 · EPSS 0.00172
Exploits: 0 · References: 3
OSV
added 2024/10/10 10:8 p.m. · 8 views

GHSA-279J-X4GX-HFRH Gradio uses insecure communication between the FRP client and server

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...

CVSS 8.6 · AI score 9 · EPSS 0.00172
Exploits: 0 · References: 4
Github Security Blog
added 2024/10/10 10:8 p.m. · 17 views

Gradio uses insecure communication between the FRP client and server

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...

CVSS 9.1 · AI score 6.6 · EPSS 0.00172
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-7663 · Curl +9

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.1. Description: The issue is related to the implementation of the HSTS (HTTP Strict Transport Security) mechanism in the curl utility. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a...

CVSS 8.6 · AI score 6.8 · EPSS 0.36081
Exploits: 8 · References: 100
Tenable Nessus
added 2024/10/09 12:0 a.m. · 13 views

CentOS 7 : firefox (RHSA-2021:0290)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0290 advisory. - When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted t...

CVSS 8.8 · AI score 7.7 · EPSS 0.01569
Exploits: 0 · References: 6
OpenVAS
added 2024/10/09 12:0 a.m. · 8 views

Fedora: Security Advisory (FEDORA-2024-aaa468ae4f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.1 · EPSS 0.00731
Exploits: 1 · References: 3
Tenable Nessus
added 2024/10/09 12:0 a.m. · 26 views

CentOS 7 : java-1.8.0-ibm (RHSA-2022:8880)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8880 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are...

CVSS 5.3 · AI score 6.1 · EPSS 0.02376
Exploits: 0 · References: 5
Packet Storm
added 2024/10/08 12:0 a.m. · 318 views

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

AI score 7.4
Exploits: 0
The Hacker News
added 2024/10/04 9:50 a.m. · 34 views

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout...

CVSS 9.8 · AI score 9.1 · EPSS 0.62269
Exploits: 14
Veracode
added 2024/10/03 8:44 a.m. · 7 views

Open Redirect

scoutbrowser is vulnerable to Open Redirect. The vulnerability is due to inadequate input validation and sanitization in the /login API endpoint, which does not properly handle the next parameter, and lack of scheme validation, which allows for both open redirects and HTTPS downgrade attacks...

CVSS 6.1 · AI score 6.5 · EPSS 0.00379
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2024/10/02 7:15 p.m. · 3 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2024/10/02 7:15 p.m. · 4 views

CVE-2024-20501

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

CVSS 7.5 · AI score 5.8 · EPSS 0.00508
Exploits: 0 · References: 1
NVD
added 2024/10/02 7:15 p.m. · 14 views

CVE-2024-20501

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

CVSS 8.6 · EPSS 0.00508
Exploits: 0 · References: 1
NVD
added 2024/10/02 7:15 p.m. · 16 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

CVSS 7.5 · EPSS 0.00523
Exploits: 0 · References: 1
NVD
added 2024/10/02 7:15 p.m. · 26 views

CVE-2024-20499

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

CVSS 8.6 · EPSS 0.00508
Exploits: 0 · References: 1
Cvelist
added 2024/10/02 6:24 p.m. · 19 views

CVE-2024-20509

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN...

CVSS 5.8 · EPSS 0.0037
Exploits: 0 · References: 1