CVE-2025-31674
The CVE-2025-31674 entry concerns a Drupal core vulnerability: Improperly Controlled Modification of Dynamically-Determined Object Attributes, enabling Object Injection. Affected Drupal core versions are 8.0.0 before 10.3.13, 10.4.0 before 10.4.3, 11.0.0 before 11.0.12, and 11.1.0 before 11.1.3. Th...
GHSA-RRH3-CGMX-W62F Additional TCA Allows Cross-Site Scripting (XSS)
A cross-site scripting (XSS) vulnerability has been discovered in the Additional TCA extension. This vulnerability is exploitable by a logged-in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...
CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation
fleetdm/fleet is an open source device management platform, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new...
CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high-performance object storage server. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2024-23363
Transient DoS while processing an improperly formatted Fine Time Measurement (FTM) management frame...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Feb-2025 Release 1, which stems from an improperly exported Android application componen...
CVE-2024-51470
CVE-2024-51470 affects IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS/CD, 9.4 LTS/CD, IBM MQ Appliance 9.3 LTS/CD/9.4 LTS, and IBM MQ for HPE NonStop 8.1.0–8.1.0.25, allowing an authenticated user to cause a denial-of-service via messages with improperly set values. The root cause is improper handling of unusu...
CVE-2024-51470 IBM MQ denial of service
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values...
CVE-2024-49128
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...
CVE-2024-45736 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL"...
CVE-2024-45736
CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...
CVE-2024-9139
CVE-2024-9139 relates to an OS command injection in MOXA devices (notably MOXA EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, G4302-LTE4, TN-4900 among others). The root cause is failure to neutralize special elements in restricted commands, enabling a remote attacker to execute arbitrary...
CVE-2024-30118 HCL Connections is susceptible to a sensitive information disclosure vulnerability
HCL Connections is susceptible to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, because of improper handling of the request data...
Linux kernel security vulnerability
The Linux kernel is the kernel of Linux, the open source operating system stewarded by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly initialized pointer...
RUSTSEC-2024-0371 gix-path improperly resolves configuration path reported by Git
Summary: gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details: In gix_path::env, th...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2024 Release 1 and prior versions, which stems from an issue where the FeliCaTest component contai...
GO-2022-0936 Improperly Implemented path matching for in-toto-golang in github.com/in-toto/in-toto-golang
Improperly Implemented path matching for in-toto-golang in github.com/in-toto/in-toto-golang...
CVE-2024-7790 DevikaAI Stored Cross-Site Scripting
A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input...
CVE-2024-7790
CVE-2024-7790 describes a stored cross-site scripting vulnerability in DevikaAI affecting input handling since commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2. The root cause cited is improperly decoded user input, enabling a stored XSS condition. The CVE entries and connected sources consistent...