Lucene search

3094 matches found

BDU FSTEC
added 2024/09/26 12:0 a.m. | 3 views

A vulnerability in the `fromSafeSetMacFilter` function (`/goform/setMacFilterList`) in the firmware of the Tenda wireless access point allows an attacker to execute arbitrary code or cause a denial of service.

The vulnerability in the `fromSafeSetMacFilter` function (`/goform/setMacFilterList`) in the firmware of the Tenda wireless access point is caused by an operation outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

CVSS 10 | AI score 8.3 | EPSS 0.01326
Exploits: 1 | References: 6

vulnersOsv
added 2024/09/23 10:11 p.m. | 3 views

1k-tasks (>=4.0.0 <=4.2.2), @adobe/helix-deploy (>=9.3.8 <=9.3.14) +214 more potentially affected by CVE-2024-47068 via rollup (>=4.0.2 <=4.22.2)

rollup NPM version =4.0.2, =4.0.0, =9.3.8, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =2.17.15, =1.9.12, =18.1.0, =18.1.0, =12.0.1, =12.0.1, =13.0.0 and more Source cves: CVE-2024-47068 Source advisory: OSV:GHSA-GCX4-MW62-G8WM...

CVSS 6.1 | AI score 6.3 | EPSS 0.00715
Exploits: 1

OSV
added 2024/09/20 12:15 p.m. | 2 views

CVE-2024-9030

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 5.4 | AI score 3.8
Exploits: 0 | References: 3

OSV
added 2024/09/19 5:56 a.m. | 2 views

BELL-CVE-2024-46718

Bulletin has no description...

CVSS 5.5 | AI score 7.2 | EPSS 0.00177
Exploits: 0 | References: 1

Circl
added 2024/09/10 7:32 a.m. | 2 views

CVE-2024-0067

creationtimestamp | type | source
---|---|---
2024-09-10 07:32:33+00:00 | seen | https://t.me/cvedetector/5173...

CVSS 4.3 | AI score 4.8 | EPSS 0.0038
Exploits: 0 | References: 1

NVD
added 2024/09/09 3:15 p.m. | 23 views

CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | EPSS 0.00748
Exploits: 1 | References: 2

CVE
added 2024/09/09 2:28 p.m. | 55 views

CVE-2024-40643

Summary: CVE-2024-40643 affects Joplin via a parsing error that fails to properly handle “

CVSS 9.6 | AI score 9.1 | EPSS 0.00748
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/09/09 2:28 p.m. | 14 views

CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | AI score 6.3 | EPSS 0.00748
Exploits: 1 | References: 4

OSV
added 2024/09/04 8:15 p.m. | 0 views

UBUNTU-CVE-2024-44993

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3d_csd_job_run When enabling UBSAN on Raspberry Pi 5, we get the following warning: 387.894977 UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3 387.903868 index 7 is out of...

CVSS 7.1 | AI score 6.5 | EPSS 0.00199
Exploits: 0 | References: 10

Cvelist
added 2024/09/02 4:40 p.m. | 20 views

CVE-2024-45308 MySQL & free URL mode allows to hide existing notes in hedgedoc

HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...

CVSS 6.5 | EPSS 0.00551
Exploits: 1 | References: 2

CVE
added 2024/09/02 4:40 p.m. | 51 views

CVE-2024-45308

HedgeDoc (the HedgeDoc project) contains a vulnerability affecting deployments using MySQL or MariaDB where an alias can be created equal to the ID of an existing note. The new note’s alias hides the original note and, in freeURL mode, can be created by users with appropriate permissions or, depe...

CVSS 6.5 | AI score 6.5 | EPSS 0.00551
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/09/02 12:0 a.m. | 3 views

PT-2024-31561 · Oracle +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.10.0 Description: HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existi...

CVSS 6.5 | AI score 7.1 | EPSS 0.00551
Exploits: 1 | References: 8

The Hacker News
added 2024/08/23 10:24 a.m. | 52 views

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...

AI score 7.7
Exploits: 0

CNNVD
added 2024/08/21 12:0 a.m. | 4 views

YznCMS security vulnerability

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

CVSS 5.4 | AI score 6.4 | EPSS 0.00308
Exploits: 1 | References: 2

OSV
added 2024/08/20 7:54 p.m. | 27 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | AI score 6.3 | EPSS 0.00607
Exploits: 1 | References: 5

Cvelist
added 2024/08/20 7:54 p.m. | 31 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | EPSS 0.00607
Exploits: 1 | References: 3

Talos
added 2024/08/19 12:0 a.m. | 24 views

Microsoft OneNote for macOS library injection vulnerability

Talos Vulnerability Report TALOS-2024-1975 Microsoft OneNote for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41159 SUMMARY A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...

CVSS 7.1 | AI score 6.7 | EPSS 0.00818
Exploits: 1

NVD
added 2024/08/13 5:15 p.m. | 9 views

CVE-2024-41613

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

CVSS 6.1 | EPSS 0.00401
Exploits: 1 | References: 1

Cvelist
added 2024/08/13 12:0 a.m. | 17 views

CVE-2024-41613

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

EPSS 0.00401
Exploits: 1 | References: 1

Vulnrichment
added 2024/08/13 12:0 a.m. | 5 views

CVE-2024-41613

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

AI score 5.8 | EPSS 0.00401
Exploits: 1 | References: 1