Vulnrichment | added 2024/12/19 9:39 a.m. | 38 views

CVE-2023-4617 Gaining remote control over Govee devices

An incorrect authorization vulnerability in the HTTP POST method of the Govee Home application on Android and iOS allows a remote attacker to control devices owned by other users by changing the values of the "device", "sku" and "type" fields. This issue affects Govee Home applications on Android and iOS in...

CVSS 10 | AI score 6.8 | EPSS 0.00571
Exploits 0 | References 4

Microsoft CVE | added 2024/12/19 8:00 a.m. | 5 views

Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

...

CVSS 5.5 | AI score 6.3 | EPSS 0.00298
Exploits 0

Microsoft CVE | added 2024/12/19 8:00 a.m. | 7 views

Unbounded memory buffering in SelectorSocketTransport.writelines()

...

CVSS 8.7 | AI score 7 | EPSS 0.01844
Exploits 0

Zero Day Initiative | added 2024/12/19 12:00 a.m. | 7 views

libarchive run_filters Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. Interaction with this library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation. The specific flaw exists within the run_filters method...

CVSS 7.8 | AI score 7 | EPSS 0.87784
Exploits 0 | References 1

CNNVD | added 2024/12/19 12:00 a.m. | 3 views

Govee Home security vulnerability

Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home that stems from an authorization error in the application's HTTP POST method, which allows remote attackers to take control of devices owned by other users by changing the values of the...

CVSS 10 | AI score 6.9 | EPSS 0.00571
Exploits 0 | References 4

OSV | added 2024/12/18 7:21 p.m. | 3 views

CVE-2024-52590 Missing validation allows spoofed profiles in Misskey

Misskey is an open source, federated social media platform. In affected versions, missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

CVSS 8.8 | AI score 6.8 | EPSS 0.00334
Exploits 0 | References 3

OSV | added 2024/12/18 3:51 p.m. | 5 views

GHSA-2FF4-XFPR-M32R `Slip10Like` derivation method instantiated with certain curves may allow an attacker to find a derivation path that results in a very long derivation (possible DoS)

Impact: Only those who use hdwallet::Slip10Like or the slip10 derivation method instantiated with curves other than secp256k1 and secp256r1 are affected. The hdwallet crate used to provide the Slip10Like derivation method, which is also provided in the slip-10 crate as the default derivation method. It's based o...

AI score 7.2
Exploits 0 | References 3

RedHat Linux | added 2024/12/17 7:56 p.m. | 18 views

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 4.2 | AI score 6.8 | EPSS 0.00544
Exploits 0 | References 2

RedHat Linux | added 2024/12/17 7:01 p.m. | 1 view

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 changes the request method from one that can accept a body, such as POST, to GET, as is required by HTTP...

CVSS 4.2 | AI score 7.2 | EPSS 0.00544
Exploits 0 | References 7

NVD | added 2024/12/17 4:15 p.m. | 14 views

CVE-2024-53144

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUSTWORKS pairing with LE. This aligns the BR/EDR JUSTWORKS method with LE, which since 92516cd97fd4 "Bluetooth: Always request for user confirmation for Just Works" always requests user confirmation wi...

CVSS 5.5 | EPSS 0.00256
Exploits 0 | References 10

The Hacker News | added 2024/12/17 6:55 a.m. | 10 views

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky...

CVSS 9.3 | AI score 6.9 | EPSS 0.05476
Exploits 1

Citrix | added 2024/12/17 12:00 a.m. | 8 views

Subnet mask missing in Windows once PVS target is booted via BDM

When booting a PVS target using a BDM with static IP and having DHCP enabled in the vdisk, Windows may be missing its subnet mask...

AI score 7.1
Exploits 0

BDU FSTEC | added 2024/12/17 12:00 a.m. | 4 views

A vulnerability in the Input Method Editor (IME) component of Microsoft Windows allows an attacker to execute arbitrary code.

The vulnerability in the Input Method Editor (IME) component of Microsoft Windows systems is caused by use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 5.8 | EPSS 0.00928
Exploits 0 | References 2

AlmaLinux | added 2024/12/17 12:00 a.m. | 13 views

Moderate: tuned security update

The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: improper sanitization of the instance_name parameter of the instance_create() method (CVE-2024-52337). For more details about the security issues, including the impact, a CVSS score,...

CVSS 5.5 | AI score 6.8 | EPSS 0.00298
Exploits 0 | References 4

Snyk | added 2024/12/16 12:03 p.m. | 1 view

Improper Input Validation

Overview: spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method, which results in a Local File Inclusion allowing the...

CVSS 8.6 | AI score 6.8 | EPSS 0.00601
Exploits 0 | References 2

Snyk | added 2024/12/13 8:35 p.m. | 8 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the remember method of the RemembersQueries trait. An attacker can execute arbitrary code by invoking any function or static method where the callable has no parameters or lacks strict parameter types. PoC...

CVSS 8.8 | AI score 7.9 | EPSS 0.28571
Exploits 3 | References 2

OSV | added 2024/12/13 8:35 p.m. | 14 views

GHSA-8VWH-PR89-4MW2 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public remember method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within t...

CVSS 8.7 | AI score 8.9 | EPSS 0.28571
Exploits 3 | References 4

Github Security Blog | added 2024/12/13 8:35 p.m. | 22 views

Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public remember method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within t...

CVSS 8.8 | AI score 8.9 | EPSS 0.28571
Exploits 3 | References 4 | Affected software 1

Cvelist | added 2024/12/13 4:04 p.m. | 22 views

CVE-2024-55661 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...

CVSS 8.7 | EPSS 0.28571
Exploits 3 | References 2

Vulnrichment | added 2024/12/13 4:04 p.m. | 21 views

CVE-2024-55661 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...

CVSS 8.7 | AI score 8.1 | EPSS 0.28571
Exploits 3 | References 2
