
3087 matches found

NVD
added 2024/11/25 8:15 p.m. | 15 views

CVE-2024-53268

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows...

CVSS 8.8 | EPSS 0.00749
Exploits: 1 | References: 1
CVE
added 2024/11/25 7:22 p.m. | 59 views

CVE-2024-53268

CVE-2024-53268 affects Joplin, where openExternal is used without URI scheme filtering, enabling remote code execution on Windows environments. Affected versions are exposed to this weakness; the remediation is to upgrade to Joplin 3.0.3 or later. Some connected sources indicate a proof-of-concept exists...

CVSS 8.8 | AI score 7.3 | EPSS 0.00749
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2024/11/19 7:32 p.m. | 1 views

CVE-2024-53251

REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used...

AI score 5.2
Exploits: 0 | References: 1
CNNVD
added 2024/11/19 12:00 a.m. | 2 views

WordPress plugin wp_automatic_widget cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 | AI score 7.7 | EPSS 0.00302
Exploits: 0 | References: 1
Amazon
added 2024/11/14 12:00 a.m. | 4 views

Low: unbound

Issue Overview: unbound: NULL Pointer Dereference in Unbound CVE-2024-43167 unbound: Heap-Buffer-Overflow in Unbound CVE-2024-43168 Affected Packages: unbound Issue Correction: Run dnf update unbound --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-760 --releasever...

CVSS 4.8 | AI score 6.9 | EPSS 0.00363
Exploits: 0
OSV
added 2024/11/07 5:57 a.m. | 1 views

BELL-CVE-2024-50091

Bulletin has no description...

CVSS 5.5 | AI score 7.2 | EPSS 0.002
Exploits: 0 | References: 1
OSV
added 2024/11/05 6:15 p.m. | 2 views

AZL-52511 CVE-2024-50120 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords. In smb3_reconfigure, after duplicating ctx->password and ctx->password2 with kstrdup, we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If...

CVSS 5.5 | AI score 6.8 | EPSS 0.00214
Exploits: 0 | References: 1
0day.today
added 2024/10/30 12:00 a.m. | 832 views

Xerox Printers Authenticated Remote Code Execution Vulnerability

Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. title: Authenticated Remote Code Execution product: Multiple Xerox printers...

CVSS 7.2 | AI score 7.9 | EPSS 0.01214
Exploits: 2
UbuntuCve
added 2024/10/25 8:15 p.m. | 7 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

CVSS 7.5 | AI score 6.8 | EPSS 0.01093
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2024/10/16 11:59 p.m. | 4 views

Malicious code in 52qr42 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e559619ab6112e5213407ad80e432cfb2f9143718e79a18bf5c4f94d26ecf0d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Oracle
added 2024/10/15 12:00 a.m. | 113 views

Oracle Critical Patch Update Advisory - October 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 | AI score 9 | EPSS 0.99999
Exploits: 309 | Affected Software: 124
vulnersOsv
added 2024/10/14 8:55 p.m. | 2 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-8883 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-8883 Source advisor...

CVSS 6.1 | AI score 5.5 | EPSS 0.02001
Exploits: 0
Positive Technologies
added 2024/09/26 12:00 a.m. | 2 views

PT-2024-38029

Name of the Vulnerable Software and Affected Versions Sharp NEC Projectors NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL,...

CVSS 6.5 | AI score 5.5 | EPSS 0.00306
Exploits: 0 | References: 7
BDU FSTEC
added 2024/09/26 12:00 a.m. | 3 views

A vulnerability in the `fromSafeSetMacFilter` function of `/goform/setMacFilterList` in the firmware of the Tenda wireless access point allows an attacker to execute arbitrary code or cause a denial of service.

The vulnerability in the fromSafeSetMacFilter function of /goform/setMacFilterList in the firmware of the Tenda wireless access point is caused by the function operating outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

CVSS 10 | AI score 8.3 | EPSS 0.01326
Exploits: 1 | References: 6
vulnersOsv
added 2024/09/23 10:11 p.m. | 3 views

1k-tasks (>=4.0.0 <=4.2.2), @adobe/helix-deploy (>=9.3.8 <=9.3.14) +214 more potentially affected by CVE-2024-47068 via rollup (>=4.0.2 <=4.22.2)

rollup NPM version =4.0.2, =4.0.0, =9.3.8, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =2.17.15, =1.9.12, =18.1.0, =18.1.0, =12.0.1, =12.0.1, =13.0.0 and more Source cves: CVE-2024-47068 Source advisory: OSV:GHSA-GCX4-MW62-G8WM...

CVSS 6.1 | AI score 6.3 | EPSS 0.00715
Exploits: 1
OSV
added 2024/09/20 12:15 p.m. | 2 views

CVE-2024-9030

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 5.4 | AI score 3.8
Exploits: 0 | References: 3
OSV
added 2024/09/19 5:56 a.m. | 1 views

BELL-CVE-2024-46718

Bulletin has no description...

CVSS 5.5 | AI score 7.2 | EPSS 0.00177
Exploits: 0 | References: 1
Circl
added 2024/09/10 7:32 a.m. | 2 views

CVE-2024-0067

creationtimestamp | type | source
---|---|---
2024-09-10 07:32:33+00:00 | seen | https://t.me/cvedetector/5173...

CVSS 4.3 | AI score 4.8 | EPSS 0.0037
Exploits: 0 | References: 1
NVD
added 2024/09/09 3:15 p.m. | 23 views

CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | EPSS 0.00748
Exploits: 1 | References: 2
OSV
added 2024/09/09 2:28 p.m. | 14 views

CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | AI score 6.3 | EPSS 0.00748
Exploits: 1 | References: 4