
11624 matches found

Veracode
added 2025/05/26 11:22 a.m. | 9 views

Denial Of Service (DoS)

github.com/gofiber/fiber/v2 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input handling in the Ctx.BodyParser method panicking when processing user-supplied input with negative slice indices instead of returning an error...

CVSS 8.7 | AI score 6.6 | EPSS 0.0044
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2025/05/26 2:30 a.m. | 11 views

Authentication Bypass

org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecurity(mode=ASPECTJ) is used, allowing an attacker to invoke those...

CVSS 9.1 | AI score 6.8 | EPSS 0.00516
Exploits: 0 | References: 6 | Affected Software: 2

Packet Storm News
added 2025/05/26 12:0 a.m. | 7 views

Novel Loss-Enhanced Universal Adversarial Patches for Sustainable Speaker Privacy

Deep learning voice models are commonly used nowadays, but the safety processing of personal data, such as human identity and speech content, remains suspicious. To prevent malicious user identification, speaker anonymization methods were proposed. Current methods, particularly based on universal...

AI score 7.3
Exploits: 0

BDU FSTEC
added 2025/05/26 12:0 a.m. | 6 views

The vulnerability of the configuration @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects in the Java framework for securing Spring-based industrial applications allows attackers to bypass the authentication process.

The vulnerability of the @EnableMethodSecurity(mode=ASPECTJ) configuration or the spring-security-aspects Java framework for securing Spring-based industrial applications is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to bypass...

CVSS 9.4 | AI score 7.1 | EPSS 0.00516
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/05/23 12:10 p.m. | 8 views

CLSA-2025-1748002217 golang: Fix of CVE-2024-24790

CVE-2024-24790: fix unexpected behavior from Is methods for IPv4-mapped IPv6 addresses...

CVSS 9.8 | AI score 6.8 | EPSS 0.01952
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:36 a.m. | 9 views

CVE-2024-47294

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 7.5 | AI score 6.9 | EPSS 0.00212
Exploits: 0

RedhatCVE
added 2025/05/23 10:2 a.m. | 6 views

CVE-2024-28421

SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...

CVSS 9.8 | AI score 8.4 | EPSS 0.0083
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:46 a.m. | 11 views

CVE-2024-25675

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp...

CVSS 9.8 | AI score 9.3 | EPSS 0.00817
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:43 a.m. | 6 views

CVE-2024-21731

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...

CVSS 6.1 | AI score 5.9 | EPSS 0.00442
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:38 a.m. | 11 views

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

CVSS 9.8 | AI score 9.9 | EPSS 0.01274
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:24 a.m. | 4 views

CVE-2024-33836

In the module "JA Marketplace" jamarketplace up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init and in version 8.X, the method...

CVSS 9.8 | AI score 7 | EPSS 0.00455
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:23 a.m. | 5 views

CVE-2024-5676

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...

CVSS 6.8 | AI score 6.9 | EPSS 0.0034
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:6 a.m. | 3 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign (/src/index.js)...

CVSS 9.8 | AI score 7.2 | EPSS 0.00558
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:57 a.m. | 5 views

CVE-2024-45400

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...

CVSS 6.1 | AI score 7 | EPSS 0.00275
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:25 a.m. | 12 views

CVE-2024-46934

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:18 a.m. | 5 views

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...

CVSS 7.5 | AI score 6.2 | EPSS 0.00683
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:10 a.m. | 7 views

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...

CVSS 6.3 | AI score 7.8 | EPSS 0.00251
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:4 a.m. | 5 views

CVE-2024-51992

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | AI score 4.5 | EPSS 0.00322
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:58 a.m. | 4 views

CVE-2024-33117

crmebjava v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController...

CVSS 5.3 | AI score 7.4 | EPSS 0.00468
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:57 a.m. | 6 views

CVE-2024-33530

In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings that make use of a lobby leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby...

CVSS 7.5 | AI score 6.9 | EPSS 0.00655
Exploits: 0 | References: 1