4511 matches found

OSV · added 2024/03/07 2:15 a.m. · 3 views

CVE-2024-24389

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.00308 · Exploits 0 · References 1
ATTACKERKB · added 2024/03/04 8:15 a.m. · 2 views

CVE-2023-4479

Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period...

CVSS 7.3 · AI score 7.5 · EPSS 0.00436 · Exploits 0 · References 4
RedHat Linux · added 2024/02/27 10:34 p.m. · 5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 9
CNNVD · added 2024/02/27 12:00 a.m. · 4 views

Student Enrollment In PHP Security Vulnerability

Student Enrollment In PHP is an open source student enrollment system by code-projects. A security vulnerability exists in Student Enrollment In PHP v1.0, which is caused by an arbitrary file upload vulnerability in the Update or Edit Student Avatar feature, which can be exploited to execute...

CVSS 9.8 · AI score 7.8 · EPSS 0.00882 · Exploits 0 · References 2
OSV · added 2024/02/26 4:27 p.m. · 0 views

UBUNTU-CVE-2024-24568

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...

CVSS 5.3 · AI score 6 · EPSS 0.00638 · Exploits 0 · References 5
CNNVD · added 2024/02/22 12:00 a.m. · 2 views

Fortinet FortiOS Security Vulnerability

Fortinet FortiOS is a Fortinet security operating system on the FortiGate network security platform. Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies such as Web filtering, DNS filtering, DLP, anti-virus,...

CVSS 7.5 · AI score 6.6 · EPSS 0.0261 · Exploits 0 · References 3
Positive Technologies · added 2024/02/21 12:00 a.m. · 5 views

PT-2024-21399 · Kirby Cms +1

Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0. Description: An HTML injection issue exists in the Edit Content Layout module. The vendor disputes the significance of this report, stating that some HTML formatting is allowed and backend sanitization prevents the...

CVSS 9.8 · AI score 7.7 · EPSS 0.02701 · Exploits 4 · References 607
CNNVD · added 2024/02/20 12:00 a.m. · 5 views

Weston Embedded uC-HTTP Security Vulnerability

Weston Embedded uC-HTTP is an embedded HTTP service from Weston Embedded. A security vulnerability exists in Weston Embedded uC-HTTP that stems from a heap-based buffer overflow vulnerability in the HTTP server functionality...

CVSS 10 · AI score 7.3 · EPSS 0.01746 · Exploits 1 · References 2
CNNVD · added 2024/02/20 12:00 a.m. · 4 views

Pyhtml2pdf Cross-Site Scripting Vulnerability

Pyhtml2pdf is a simple Python wrapper from the Python Foundation. Convert HTML to PDF using headless Chrome via selenium. A cross-site scripting vulnerability exists in Pyhtml2pdf version 0.0.6, which stems from not validating user-entered HTML content, resulting in an attacker being able to obta...

CVSS 7.5 · AI score 5.8 · EPSS 0.00695 · Exploits 1 · References 3
BDU FSTEC · added 2024/02/19 12:00 a.m. · 3 views

A vulnerability in the PPTP protocol implementation in the firmware of the TP-Link ER7206 Omada VPN router allows an attacker to execute arbitrary commands.

The vulnerability in the PPTP protocol implementation in the TP-Link ER7206 Omada VPN router software exists due to improper neutralization of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely via ports 80/443...

CVSS 8.3 · AI score 7.4 · EPSS 0.03442 · Exploits 1 · References 4
ATTACKERKB · added 2024/02/17 4:15 a.m. · 3 views

CVE-2023-31728

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...

CVSS 7 · AI score 5.8 · EPSS 0.00203 · Exploits 0 · References 3
OSV · added 2024/02/17 2:15 a.m. · 5 views

CVE-2024-20947

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 5.4 · AI score 7.3 · EPSS 0.00308 · Exploits 0 · References 1
BDU FSTEC · added 2024/02/15 12:00 a.m. · 3 views

A vulnerability in the http_parser() function of the Apache bRPC RPC framework allows an attacker to smuggle hidden HTTP requests (HTTP request smuggling attack).

The vulnerability in the http_parser function of the Apache bRPC RPC framework is caused by a deviation from the RFC 7230 HTTP/1.1 specification in the handling of requests that carry both Transfer-Encoding and Content-Length fields. Exploiting this vulnerability allows an...

CVSS 7.8 · AI score 7.2 · EPSS 0.01637 · Exploits 0 · References 7 · Affected Software 1
BDU FSTEC · added 2024/02/15 12:00 a.m. · 3 views

A vulnerability in the HTTP/3 QUIC modules of the NGINX Plus and NGINX OSS web servers allows attackers to cause service interruptions.

The vulnerability in HTTP/3 QUIC in the NGINX Plus and NGINX OSS web servers is caused by a null pointer dereference. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted requests...

CVSS 7.8 · AI score 7.2 · EPSS 0.01061 · Exploits 0 · References 6 · Affected Software 4
OSV · added 2024/02/14 5:15 p.m. · 3 views

CVE-2024-23314

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 · AI score 5.8 · EPSS 0.00515 · Exploits 0 · References 1
Positive Technologies · added 2024/02/14 12:00 a.m. · 5 views

PT-2024-19803 · F5 · Big-Ip Next Spk +1

Name of the Vulnerable Software and Affected Versions: BIG-IP (affected versions not specified); BIG-IP Next SPK (affected versions not specified). Description: When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management...

CVSS 7.5 · AI score 7.3 · EPSS 0.00515 · Exploits 0 · References 5
RedHat Linux · added 2024/02/12 8:44 a.m. · 3 views

squid: Buffer over-read in the HTTP Message processing feature

A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service...

CVSS 8.6 · AI score 5.9 · EPSS 0.88818 · Exploits 0 · References 4
RedHat Linux · added 2024/02/12 8:40 a.m. · 5 views

squid: DoS against HTTP and HTTPS

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVSS 7.5 · AI score 5.7 · EPSS 0.05229 · Exploits 0 · References 5
BDU FSTEC · added 2024/02/12 12:00 a.m. · 2 views

A vulnerability in Google Chrome's Skia graphics library allows an attacker to execute arbitrary code.

The vulnerability in Google Chrome's Skia graphics library is a buffer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted HTML page...

CVSS 10 · AI score 8.6 · EPSS 0.0152 · Exploits 0 · References 11 · Affected Software 5
OpenVAS · added 2024/02/10 12:00 a.m. · 19 views

Fedora: Security Advisory for atril (FEDORA-2024-59a7d96d84)

The remote host is missing an update for atril announced via the FEDORA-2024-59a7d96d84 advisory. (Greenbone AG, 2024; some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders. License: GPL-2.0-only.)...

CVSS 9.6 · AI score 8.8 · EPSS 0.02676 · Exploits 2 · References 2