Lucene search

2734 matches found

Tenable Nessus
added 2024/04/18 12:00 a.m. | 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2024-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt...

CVSS 7.8 | AI score 6.8 | EPSS 0.0006
Exploits: 2 | References: 7
Positive Technologies
added 2024/04/14 12:00 a.m. | 3 views

PT-2024-3333 · D Link · D-Link Dir-845L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-845L router version 1.01KRb03 and before Description: The issue is related to a command injection vulnerability via the hnap main function. This vulnerability is associated with the failure to neutralize special elements used in th...

CVSS 7.5 | AI score 8 | EPSS 0.01807
Exploits: 1 | References: 19
CNNVD
added 2024/04/13 12:00 a.m. | 1 views

nginxWebUI Code Issue Vulnerability

nginxWebUI is an nginx web configuration tool. A code issue vulnerability exists in cym1102 nginxWebUI version 3.9.9, which stems from an unrestricted file upload in the upload method of the /adminPage/main/upload file...

CVSS 7.5 | AI score 5.2 | EPSS 0.00047
Exploits: 1 | References: 6
CNNVD
added 2024/04/13 12:00 a.m. | 1 views

nginxWebUI Operating System Command Injection Vulnerability

nginxWebUI is an nginx web configuration tool. An operating system command injection vulnerability exists in nginxWebUI, which stems from the file parameter of the /adminPage/main/upload file failing to properly filter constructed command special characters, commands, and so on. An attacker can...

CVSS 9.8 | AI score 7.8 | EPSS 0.01122
Exploits: 1 | References: 6
Pen Test Partners Blog
added 2024/04/12 5:34 a.m. | 20 views

Can ships be hacked?

Photo: David Adams, MV Dali and the Francis Scott Key Bridge collapse - 240326-A-SE916-6662, A layer has been added showing a character and a speech bubble, CC0 1.0 TL;DR Ships can be hacked Was the MV Dali hacked? Practically impossible Polarised views from uninformed commentators do not help...

AI score 7.5
Exploits: 0
OSV
added 2024/04/10 7:53 p.m. | 21 views

CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...

CVSS 9.9 | AI score 7.9 | EPSS 0.60063
Exploits: 1 | References: 10
ATTACKERKB
added 2024/03/25 8:15 p.m. | 2 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

CVSS 6.5 | AI score 5.5 | EPSS 0.00477
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2024/03/25 7:40 p.m. | 19 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

CVSS 6.5 | AI score 6.3 | EPSS 0.00477
Exploits: 0
Positive Technologies
added 2024/03/25 12:00 a.m. | 2 views

PT-2024-10972 · Openeuler · Openeuler Isulad

Name of the Vulnerable Software and Affected Versions: openEuler iSulad version 2.0.18-13 openEuler iSulad versions 2.1.4-1 through 2.1.4-2 Description: The issue is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux, allowing the leveraging of...

CVSS 7 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 11
OSV
added 2024/03/22 5:15 p.m. | 1 views

CVE-2024-29385

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgimain function...

CVSS 9 | AI score 6.4 | EPSS 0.06559
Exploits: 1 | References: 2
Positive Technologies
added 2024/03/22 12:00 a.m. | 2 views

PT-2024-22874 · D Link · D-Link Dir-845L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-845L router version 1.01KRb03 and earlier Description: The issue is related to an Unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi main function. This allows for remote code execution without...

CVSS 9 | AI score 7.9 | EPSS 0.06559
Exploits: 1 | References: 6
OSV
added 2024/03/19 1:15 p.m. | 5 views

CVE-2023-40279

An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do...

CVSS 7.5 | AI score 5.8 | EPSS 0.19755
Exploits: 4 | References: 2
Positive Technologies
added 2024/03/19 12:00 a.m. | 4 views

PT-2024-12882 · Unknown · Openclinic Ga

Name of the Vulnerable Software and Affected Versions: OpenClinic GA version 5.247.01 Description: An issue was discovered in OpenClinic GA, allowing an attacker to perform a directory path traversal via the Page parameter in a GET request to the "main.do" endpoint. Recommendations: For OpenClini...

CVSS 7.5 | AI score 7.3 | EPSS 0.19755
Exploits: 4 | References: 6
OSV
added 2024/03/18 11:15 a.m. | 1 views

DEBIAN-CVE-2024-26634

In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of initnet get "refunded" to initnet when that...

CVSS 5.5 | AI score 5.6 | EPSS 0.00009
Exploits: 0 | References: 1
UbuntuCve
added 2024/03/18 11:15 a.m. | 55 views

CVE-2024-26634

In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of initnet get "refunded" to initnet when that...

CVSS 5.5 | AI score 6.3 | EPSS 0.00009
Exploits: 0 | References: 14
CNVD
added 2024/03/15 12:00 a.m. | 4 views

RiteCMS Cross-Site Scripting Vulnerability (CNVD-2025-21552)

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...

CVSS 6.1 | AI score 6.4 | EPSS 0.00455
Exploits: 4 | References: 1
OSV
added 2024/03/13 4:15 p.m. | 1 views

CVE-2024-28678

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articledescriptionmain.php...

CVSS 6.3 | AI score 6.5
Exploits: 0 | References: 1
OSV
added 2024/03/13 4:15 p.m. | 2 views

CVE-2024-28677

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/articlekeywordsmain.php...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
OSV
added 2024/03/13 4:15 p.m. | 1 views

CVE-2024-28671

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselectmain.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 1
CNNVD
added 2024/03/13 12:00 a.m. | 2 views

RiteCMS Cross-Site Scripting Vulnerability

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...

CVSS 6.1 | AI score 6.5 | EPSS 0.00455
Exploits: 4 | References: 4