
1895 matches found

Cvelist
added 2024/11/04 11:7 p.m. · 16 views

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

CVSS 6 · EPSS 0.00226
Exploits 0 · References 4

CNNVD
added 2024/11/04 12:0 a.m. · 1 views

cobalt cross-site scripting vulnerability

cobalt is an imput open source media downloader. A cross-site scripting vulnerability exists in cobalt that stems from the fact that a malicious instance of cobalt may provide links using the javascript protocol, which can lead to cross-site scripting (XSS) when a user attempts to download items fr...

CVSS 6 · AI score 5.8 · EPSS 0.00226
Exploits 0 · References 5

Tenable Nessus
added 2024/11/04 12:0 a.m. · 9 views

RHEL 6 / 7 : openstack-nova (RHSA-2015:1898)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1898 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing...

CVSS 6.8 · AI score 6.7 · EPSS 0.0197
Exploits 0 · References 7

Circl
added 2024/10/27 3:4 p.m. · 1 views

CVE-2024-10417

creationtimestamp | type | source
---|---|---
2024-10-27 15:04:07+00:00 | seen | https://t.me/cvedetector/9056
2025-10-01 18:11:57+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6
2025-10-08 21:59:32+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6
...

CVSS 8.8 · AI score 6.2 · EPSS 0.00106
Exploits 1 · References 1

The Hacker News
added 2024/10/22 9:33 a.m. · 30 views

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by...

AI score 7.8
Exploits 0

Tenable Nessus
added 2024/10/22 12:0 a.m. · 18 views

LangChain < 0.2.9 SSRF

The remote host contains a langchain version that is prior to 0.2.9. It is, therefore, affected by a Server-Side Request Forgery vulnerability in the Web Research Retriever component in langchain-community (langchain-community.retrievers.webresearch.WebResearchRetriever). The vulnerability arises...

CVSS 7.7 · AI score 6.4 · EPSS 0.00163
Exploits 1 · References 4

OSV
added 2024/10/21 9:15 p.m. · 1 views

CVE-2024-41714

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful...

CVSS 8.8 · AI score 6 · EPSS 0.02022
Exploits 0 · References 1

Cvelist
added 2024/10/21 6:1 p.m. · 12 views

CVE-2024-49876 drm/xe: fix UAF around queue destruction

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on a random system wq, which will outlive the driver instance. With bad timing we can teardown the driver with one or more wor...

EPSS 0.00021
Exploits 0 · References 3

Microsoft CVE
added 2024/10/16 7:0 a.m. · 2 views

xen: privcmd: Fix possible access to a freed kirqfd instance

...

CVSS 5.5 · AI score 6.9 · EPSS 0.00017
Exploits 0

Zero Day Initiative
added 2024/10/16 12:0 a.m. · 42 views

Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

CVSS 8.8 · AI score 7.5 · EPSS 0.00469
Exploits 0 · References 1

Positive Technologies
added 2024/10/15 12:0 a.m. · 2 views

PT-2024-31486 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.0.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1 Description: The issue arises due to missing validation checks for KVM-compatible templates or volumes in Apache CloudStack, allowing an...

CVSS 8.5 · AI score 8.3 · EPSS 0.00491
Exploits 0 · References 22

NVD
added 2024/10/10 1:15 p.m. · 12 views

CVE-2024-35202

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...

CVSS 7.5 · EPSS 0.01419
Exploits 0 · References 5

Cvelist
added 2024/10/10 12:0 a.m. · 10 views

CVE-2024-35202

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instan...

EPSS 0.01419
Exploits 0 · References 5

CNNVD
added 2024/10/10 12:0 a.m. · 1 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

CVSS 9.5 · AI score 9.1 · EPSS 0.50689
Exploits 0 · References 5

Hacker One
added 2024/10/08 5:25 a.m. · 20 views

MTN Group: Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/

The Laravel framework contained a vulnerability known as CVE-2021-3129, which allowed remote code execution due to unsafe usage of PHP in the Ignition debug module. This vulnerability was relatively easy to exploit and did not require user authentication, resulting in a high CVSS score of 9.8. Th...

CVSS 9.8 · AI score 8.3 · EPSS 0.94287
Exploits 36

GithubExploit
added 2024/10/07 10:59 p.m. · 705 views

Exploit for Code Injection in Cacti

CVE-2024-43363 CVE-2024-43363 Exploit Script This Python scr...

CVSS 7.2 · AI score 7.5 · EPSS 0.75133
Exploits 2

NVD
added 2024/10/03 7:15 p.m. · 18 views

CVE-2024-41585

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine...

CVSS 6.8 · EPSS 0.00232
Exploits 0 · References 2

OpenVAS
added 2024/09/25 12:0 a.m. · 5 views

Oracle Database Detection Consolidation

Consolidation of Oracle Database detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

AI score 7
Exploits 0 · References 1

NVD
added 2024/09/18 8:15 a.m. · 11 views

CVE-2024-46762

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the...

CVSS 5.5 · EPSS 0.00017
Exploits 0 · References 3

Debian CVE
added 2024/09/18 7:12 a.m. · 10 views

CVE-2024-46762

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the...

CVSS 5.5 · AI score 5.4 · EPSS 0.00017
Exploits 0