The vulnerability of the administrative interface of the FortiADC application delivery controller allows a perpetrator to write arbitrary files.
The vulnerability of the FortiADC application delivery controller’s administrative interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain write access to arbitrary files by sending specially crafted HTTP or HTTPS requests...
The vulnerability of the user interface of the Oracle ZFS Storage Appliance Kit allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Oracle ZFS Storage Appliance Kit’s user interface is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP network protocol...
CVE-2024-38501
An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device...
mIPC camera security vulnerability
mIPC camera is a series of cameras from mIPC. A security vulnerability exists in versions prior to mIPC camera v5.4.1.240424171021, which stems from an operating system command injection flaw in the ccmdebug component that allows an attacker on the same network to execute arbitrary code via a...
The vulnerability of the WebTransport interface in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the WebTransport interface in Google Chrome and Microsoft Edge relates to memory-walking attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTML page...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the number of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
Spring Tips: HTMX
Hi, Spring fans! HTMX is the progressive hypertext sensation that's sweeping the process of web app creation, and - thanks to a nice integration by Spring community legend Wim Deblauwe, it's easier than ever to use it with Spring Boot and Thymeleaf. And, it's the topic of today's installment! jav...
Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones security vulnerability
Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA300 Series IP Phones are both products of Cisco, Inc. The Cisco Small Business SPA500 Series IP Phones are SPA500 Series IP Phones. The Cisco Small...
DEBIAN-CVE-2024-6999
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2024-6989
Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2023-40819
ID4Portais in version V.2022.837.002a returns the message parameter unsanitized in the response, resulting in an HTML Injection vulnerability...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
Devlop ID4Portais security vulnerability
Devlop ID4Portais is an application from Devlop USA. A security vulnerability exists in versions prior to Devlop ID4Portais V.2022.837.002a, which stems from an HTML injection vulnerability due to an unsanitized message parameter being returned in a response...
PT-2024-5754 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.99; Microsoft Edge, affected versions not specified. Description: The issue is related to a heap buffer overflow in the Layout component, which could allow a remote attacker to exploit heap corruption v...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered in the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the number of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...
The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...
The vulnerability of the Sign-In component in Google Chrome allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Sign-In component in Google Chrome relates to the ability to circumvent navigation restrictions. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created HTML page...
jetty: stop accepting new connections from valid clients
A flaw was found in Jetty, a Java-based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...
PT-2024-28040 · Unknown +1 · Syncope Console +2
Name of the Vulnerable Software and Affected Versions: Syncope versions prior to 3.0.8. Description: The issue allows HTML tags to be added to any text field when editing a user, group, or object in the Syncope Console, potentially leading to exploits. The same vulnerability is found in the Syncop...