207 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-43802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not...
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...
CVE-2025-1741
A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched...
CVE-2022-39344
Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this m...
CVE-2022-39268
Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
CVE-2025-22601
CVE-2025-22601 affects Discourse via the activate-account route; a crafted link could cause a target user to modify their own username. The issue is tied to a client-side path traversal in affected Discourse releases. According to sources, the vulnerability has been patched in the latest Discours...
CVE-2024-13129 Roxy-WI roxy.py action_service os command injection
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function actionservice of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched...
CVE-2024-56333 Remote code execution in onyxia-api
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...
PT-2024-37029
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to the net: mscc: ocelot: fix incorrect IFH SRC PORT field in ocelot ifh set basic function. Packets injected by the CPU should have a SRC PORT field equal to the CPU port...
PT-2024-33663 · Frappe +1 · Press
Name of the Vulnerable Software and Affected Versions: Press versions prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd Description: The issue allows a user to inject HTML through SaaS signup inputs, which could affect the user themselves but not other users. Recommendations: For versions...
SUSE CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
PT-2024-7991 · Progress · Progress Telerik Reporting
Name of the Vulnerable Software and Affected Versions: Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924 Description: The issue is related to the insecure type resolution vulnerability in Progress Telerik Reporting, allowing for object injection and potentially enabling a remote...
PT-2024-6304 · Ivanti · Ivanti Cloud Services Appliance
The vulnerable software is Ivanti Cloud Services Appliance, specifically versions 4.6 Patch 518 and earlier. An OS command injection vulnerability in these versions allows a remote authenticated attacker to obtain remote code execution, but the attacker must have admin level privileges to exploit...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
UBUNTU-CVE-2024-45306
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...
PT-2024-13957 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions 0.202.6 through 0.202.9 Description: The issue allows an attacker to upload a html file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored cross-site...
PT-2024-23613 · Unknown · Zephyr Rtos
Name of the Vulnerable Software and Affected Versions: Zephyr RTOS versions prior to 3.6 Description: The issue allows a malicious BLE device to crash a BLE victim device by sending a malformed gatt packet. This can be exploited for local attacks. Network segmentation can help mitigate the risk...
PT-2024-2215
Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.x prior to 5.7.12 Spring Security versions 5.8.x prior to 5.8.11 Spring Security versions 6.0.x prior to 6.0.9 Spring Security versions 6.1.x prior to 6.1.8 Spring Security versions 6.2.x prior to 6.2.3 Bitbucket...
PT-2023-31352
Name of the Vulnerable Software and Affected Versions Nextcloud iOS Files app versions prior to 4.9.2 Description The issue affects the Nextcloud iOS Files app, which is used to interact with the Nextcloud self-hosted productivity platform. It allows the application to be used without providing t...
CVE-2023-6817
A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...