
11641 matches found

Vulnrichment
added 2024/12/13 4:4 p.m. | 21 views

CVE-2024-55661 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...

CVSS 8.7 | AI score 8.1 | EPSS 0.28571
Exploits 3 | References 2
OSV
added 2024/12/13 4:4 p.m. | 13 views

CVE-2024-55661 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...

CVSS 8.7 | AI score 8.2 | EPSS 0.28571
Exploits 3 | References 4
Tenable Nessus
added 2024/12/13 12:0 a.m. | 10 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50117)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50117 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF...

CVSS 5.5 | AI score 6.2 | EPSS 0.00245
Exploits 0 | References 2
Vulnrichment
added 2024/12/12 7:20 p.m. | 10 views

CVE-2024-55878 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

CVSS 6.8 | AI score 7.4 | EPSS 0.00444
Exploits 0 | References 2
CVE
added 2024/12/12 7:20 p.m. | 64 views

CVE-2024-55878

The CVE-2024-55878 entry affects SimpleXLSX (PHP library for parsing Excel XLSX files). The vulnerability lies in the extended toHTMLEx method, exploited when calling toHTMLEx in versions 1.0.12 through 1.1.11, allowing arbitrary JavaScript execution (XSS) in affected contexts. Impact is elevated...

CVSS 6.8 | AI score 6.9 | EPSS 0.00444
Exploits 0 | References 2
Microsoft CVE
added 2024/12/12 8:0 a.m. | 8 views

drm/amd: Guard against bad data for ATIF ACPI method

...

CVSS 5.5 | AI score 6.8 | EPSS 0.00245
Exploits 0
OSV
added 2024/12/12 2:4 a.m. | 2 views

CVE-2024-49079

Input Method Editor IME Remote Code Execution Vulnerability...

CVSS 7.8 | AI score 5.9 | EPSS 0.00928
Exploits 0 | References 1
CNNVD
added 2024/12/12 12:0 a.m. | 39 views

SimpleXLSX Cross-Site Scripting Vulnerability

SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX version 1.0.12 up to and including version 1.1.12, which stems from the execution of arbitrary JavaScript code...

CVSS 6.8 | AI score 6.2 | EPSS 0.00444
Exploits 0 | References 2
Positive Technologies
added 2024/12/12 12:0 a.m. | 22 views

PT-2024-36597 · Unknown · Simplexlsx

Name of the Vulnerable Software and Affected Versions: SimpleXLSX versions 1.0.12 through 1.1.12. Description: The issue allows for the execution of arbitrary JavaScript code when calling the extended toHTMLEx method. This can be exploited in versions prior to 1.1.12. The estimated number of...

CVSS 6.8 | AI score 7.6 | EPSS 0.00444
Exploits 0 | References 9
Veracode
added 2024/12/11 6:48 a.m. | 8 views

Method Exposure

orchid/platform is vulnerable to Method Exposure. The vulnerability is due to inadequate access control in the asynchronous modal functionality of the Orchid Platform, which allows arbitrary methods within the Screen class to be called without proper validation, enabling attackers to exploit the expose...

CVSS 4.1 | AI score 6.7 | EPSS 0.00322
Exploits 0 | References 3 | Affected Software 1
Zero Day Initiative
added 2024/12/11 12:0 a.m. | 6 views

ManageEngine Analytics Plus getOAToken Exposed Dangerous Method Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getOAToken action. The issue results from an exposed...

CVSS 8.8 | AI score 6.8 | EPSS 0.01128
Exploits 0 | References 1
BDU FSTEC
added 2024/12/11 12:0 a.m. | 5 views

The vulnerability of the GET method of the software management system in the One-to-one Dell OpenManage Server Administrator (OMSA) mode allows attackers to increase their privileges.

The vulnerability of the GET method of the software management interface in the One-to-one Dell OpenManage Server Administrator OMSA mode is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...

CVSS 4.3 | AI score 5.5 | EPSS 0.00329
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2024/12/10 5:49 p.m. | 30 views

CVE-2024-49079 Input Method Editor (IME) Remote Code Execution Vulnerability

...

CVSS 7.8 | EPSS 0.00928
Exploits 0 | References 1
CVE
added 2024/12/10 5:49 p.m. | 111 views

CVE-2024-49079

Technical details for CVE-2024-49079 are not provided in the supplied documents. Monitor for updates from Microsoft, NVD, CVE List, and other official sources as disclosures evolve.

CVSS 7.8 | AI score 7.8 | EPSS 0.00928
Exploits 0 | References 1 | Affected Software 14
Vulnrichment
added 2024/12/10 5:49 p.m. | 32 views

CVE-2024-49079 Input Method Editor (IME) Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 7.2 | EPSS 0.00928
Exploits 0 | References 1
OSV
added 2024/12/10 3:32 p.m. | 9 views

GHSA-F626-677R-J5VQ Withdrawn Advisory: Nette Database SQL injection

Withdrawn Advisory: This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...

CVSS 9.8 | AI score 9.9 | EPSS 0.00531
Exploits 0 | References 6
GitHub Security Blog
added 2024/12/10 3:32 p.m. | 13 views

Withdrawn Advisory: Nette Database SQL injection

Withdrawn Advisory: This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...

CVSS 9.8 | AI score 9.8 | EPSS 0.00531
Exploits 0 | References 6 | Affected Software 1
Microsoft CVE
added 2024/12/10 8:0 a.m. | 25 views

Input Method Editor (IME) Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 7 | EPSS 0.00928
Exploits 0
Positive Technologies
added 2024/12/10 12:0 a.m. | 2 views

PT-2024-9526 · Unknown +1 · Input Method Editor +1

Name of the Vulnerable Software and Affected Versions: Input Method Editor IME (affected versions not specified). Description: The issue is related to a remote code execution problem in the Input Method Editor IME component, which can be exploited by remote attackers to execute arbitrary code on the...

CVSS 7.8 | AI score 8.1 | EPSS 0.00928
Exploits 0 | References 6
CVE
added 2024/12/10 12:0 a.m. | 59 views

CVE-2024-55586

CVE-2024-55586 (Nette Database): Affected software is Nette Database up to version 3.2.4. The vulnerability is a SQL injection vulnerability where an untrusted filter is passed directly to the where method, enabling manipulation of query logic. The vendor states this is intended behavior. Public...

CVSS 9.8 | AI score 9.8 | EPSS 0.00531
Exploits 0 | References 3