CVE-2024-55661 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50117)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50117 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF...
CVE-2024-55878 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...
CVE-2024-55878
The CVE-2024-55878 entry affects SimpleXLSX (PHP library for parsing Excel XLSX files). The vulnerability lies in the extended toHTMLEx method, exploited when calling toHTMLEx in versions 1.0.12 through 1.1.11, allowing arbitrary JavaScript execution (XSS) in affected contexts. Impact is elevated...
drm/amd: Guard against bad data for ATIF ACPI method
...
CVE-2024-49079
Input Method Editor IME Remote Code Execution Vulnerability...
SimpleXLSX Cross-Site Scripting Vulnerability
SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX version 1.0.12 up to and including version 1.1.12, which stems from the execution of arbitrary JavaScript code...
PT-2024-36597 · Unknown · Simplexlsx
Name of the Vulnerable Software and Affected Versions: SimpleXLSX versions 1.0.12 through 1.1.12 Description: The issue allows for the execution of arbitrary JavaScript code when calling the extended toHTMLEx method. This can be exploited in versions prior to 1.1.12. The estimated number of...
Method Exposure
orchid/platform is vulnerable to Method Exposure. The vulnerability is due to inadequate access control in the asynchronous modal functionality of the Orchid Platform, allows arbitrary methods within the Screen class to be called without proper validation, enabling attackers to exploit the expose...
ManageEngine Analytics Plus getOAToken Exposed Dangerous Method Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine Analytics Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getOAToken action. The issue results from an exposed...
The vulnerability of the GET method of the software management system in the One-to-one Dell OpenManage Server Administrator (OMSA) mode allows attackers to increase their privileges.
The vulnerability of the GET method of the software management interface in the One-to-one Dell OpenManage Server Administrator OMSA mode is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
CVE-2024-49079 Input Method Editor (IME) Remote Code Execution Vulnerability
...
CVE-2024-49079
Technical details for CVE-2024-49079 are not provided in the supplied documents. Monitor for updates from Microsoft, NVD, CVE List, and other official sources as disclosures evolve.
GHSA-F626-677R-J5VQ Withdrawn Advisory: Nette Database SQL injection
Withdrawn Advisory This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...
Withdrawn Advisory: Nette Database SQL injection
Withdrawn Advisory This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...
Input Method Editor (IME) Remote Code Execution Vulnerability
...
PT-2024-9526 · Unknown +1 · Input Method Editor +1
Name of the Vulnerable Software and Affected Versions: Input Method Editor IME affected versions not specified Description: The issue is related to a remote code execution problem in the Input Method Editor IME component, which can be exploited by remote attackers to execute arbitrary code on the...
CVE-2024-55586
CVE-2024-55586 (Nette Database): Affected software is Nette Database up to version 3.2.4. The vulnerability is a SQL injection vulnerability where an untrusted filter is passed directly to the where method, enabling manipulation of query logic. The vendor states this is intended behavior. Public...