CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a command injection attack is possible through improper neutralization of hyperlink elements...

PT-2024-38619 · Progress · Telerik Reporting

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924 Description: A command injection attack is possible through improper neutralization of hyperlink elements. This issue arises due to the improper handling of hyperlink element...

CVE-2024-45292

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize "javascript:" URLs from hyperlink href attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2,...

Telerik UI for WPF < 2024.3.924 Multiple Vulnerabilities

The version of Progress Telerik UI for WPF installed on the remote Windows host is prior to 2024 Q3 2024.3.924. It is, therefore, affected by multiple vulnerabilities: - A command injection attack is possible through improper neutralization of hyperlink elements. CVE-2024-7575 - A code execution...

CVE-2024-7679

In Progress Telerik UI for WinForms versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVE-2024-7575

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVE-2024-7575

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVE-2024-7679

Summary: CVE-2024-7679 affects Progress Telerik UI for WinForms prior to 2024 Q3 (2024.3.924). The root cause is improper neutralization of hyperlink elements, enabling a command injection attack. What’s affected: Progress Telerik UI for WinForms versions before 2024.3.924. Impact: potential comm...

CVE-2024-7679 Improper neutralization special element in hyperlinks

In Progress Telerik UI for WinForms versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

PT-2024-38501 · Progress · Telerik Ui For Winforms

Name of the Vulnerable Software and Affected Versions: Telerik UI for WinForms versions prior to 2024 Q3 2024.3.924 Description: A command injection attack is possible through improper neutralization of hyperlink elements. This issue affects earlier versions of Progress Telerik UI for WinForms,...

PT-2024-38429 · Telerik · Telerik Ui For Wpf

Name of the Vulnerable Software and Affected Versions: Telerik UI for WPF versions prior to 2024 Q3 2024.3.924 Description: A command injection attack is possible due to improper neutralization of hyperlink elements. This issue arises from the improper handling of certain elements, allowing for...

Telerik UI 命令注入漏洞

Telerik UI is a suite of UI User Interface controls for application development from Telerik Bulgaria. A command injection vulnerability exists in Telerik UI 2024 Q3 2024.3.806 and earlier versions, which stems from a command injection attack that can be performed via improper neutralization of...

The vulnerability of the Rockwell Automation ThinManager platform for centralized application management, related to errors in processing hypertext links, allows a hacker to execute arbitrary code.

The vulnerability of the Rockwell Automation ThinManager application platform for centralized application management is related to errors in processing hypertext links. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST reques...

September 3, 2024, update for Access 2016 (KB5002633)

September 3, 2024, update for Access 2016 KB5002633 This article describes update 5002633 for Microsoft Access 2016 that was released on September 3, 2024.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't app...

Information Disclosure

mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and tooltip...

Description of the security update for SharePoint Server Subscription Edition: March 12, 2024 (KB5002564)

Description of the security update for SharePoint Server Subscription Edition: March 12, 2024 KB5002564 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposure...

MJML App Security Vulnerability

MJML App is an MJML open source MJML desktop application. A security vulnerability exists in mjml-app version 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution RCE vulnerability in the href attribute...

Statamic CMS Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =4.46.0, =3.4.17 CVE number: CVE-2024-24570 impact: high homepage:...