2874 matches found
CVE-2024-41375
ICEcoder 8.1 is vulnerable to Cross Site Scripting XSS via lib/terminal-xhr.php...
CVE-2024-41374
ICEcoder 8.1 is vulnerable to Cross Site Scripting XSS via lib/settings-screen.php...
CVE-2024-41373
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php...
ICEcoder security vulnerability
ICEcoder is an open-source, browser-based code editor that lets users code online or offline directly in a web browser. A security vulnerability exists in ICEcoder version 8.1: lib/terminal-xhr.php contains a cross-site scripting...
ICEcoder security vulnerability
ICEcoder is an open-source, browser-based code editor that lets users code online or offline directly in a web browser. A security vulnerability exists in ICEcoder version 8.1: lib/settings-screen.php contains a cross-site scripting vulnerability...
CVE-2024-41375
CVE-2024-41375 affects ICEcoder 8.1, with a Cross Site Scripting (XSS) vulnerability via lib/terminal-xhr.php. Affected component: lib/terminal-xhr.php in ICEcoder 8.1. Documented impact: XSS; no exploit specifics or fixed version are provided in the supplied sources. Remediation status not state...
CVE-2024-41373
ICEcoder 8.1 is affected by a Path Traversal vulnerability via lib/backup-versions-preview-loader.php (CVE-2024-41373). All connected sources consistently identify the issue as a path traversal in that file. The documentation does not explicitly detail impact vectors, affected configurations, or ...
Rocky Linux 9 : kernel (RLSA-2024:4583)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4583 advisory. kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a...
Oracle Linux 9 : kernel (ELSA-2024-4583)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4583 advisory. - net: ena: Fix incorrect descriptor free behavior Kamal Heib RHEL-39217 RHEL-37430 CVE-2024-35958 - tcp: Use refcount_inc_not_zero in tcp_twsk_unique...
CVE-2024-40129
Open5GS v2.6.4 is vulnerable to Buffer Overflow via /lib/pfcp/context.c...
Username Enumeration
web-auth/webauthn-framework and web-auth/webauthn-lib are vulnerable to Username Enumeration. The vulnerability is due to the ProfileBasedRequestOptionsBuilder method returning allowedCredentials without any credentials if no username was found. This allows an attacker to enumerate valid username...
CVE-2024-40130
Open5GS v2.6.4 is vulnerable to Buffer Overflow via /lib/core/abts.c...
CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...
CVE-2024-39912
CVE-2024-39912 affects web-auth/webauthn-lib (PHP/Symfony) where ProfileBasedRequestOptionsBuilder returns allowedCredentials without credentials if no username is found, enabling username enumeration when WebAuthn is used as the first/only authentication method. Documented impact is enumeration ...
Malicious code in icca-core-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 47b406325b3f53507e65da352c268d0102771c0241dc5c0e1595b7493e72ef68 The OpenSSF Package Analysis project identified 'icca-core-lib' @ 1.0.8 npm as malicious. It is considered malicious because: - The package...