Lucene search

71 matches found

EUVD
added 2026/02/04 9:38 p.m., 2 views

EUVD-2023-48034

EVE Doesn't Protect Config Partition with Measured Boot...

CVSS 8.8, AI score 8, EPSS 0.0003
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-50024

Malicious code in bioql PyPI...

CVSS 8, AI score 7.8, EPSS 0.00103
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-54103

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00203
Exploits 0, References 1

Cvelist
added 2025/05/02 12:36 a.m., 21 views

CVE-2024-55912 IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 5.9, EPSS 0.00107
Exploits 0, References 1

Vulnrichment
added 2024/12/04 11:16 a.m., 9 views

CVE-2024-54158

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...

CVSS 3.5, AI score 7.2, EPSS 0.00005
Exploits 0, References 1

Vulnrichment
added 2024/11/04 11:0 p.m., 10 views

CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

CVSS 5.3, AI score 6.9, EPSS 0.0009
Exploits 0, References 1

NVD
added 2024/10/10 8:15 a.m., 15 views

CVE-2024-9798

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers...

CVSS 9, EPSS 0.0012
Exploits 0, References 1

OSV
added 2024/08/13 12:0 a.m., 27 views

ALSA-2024:5258 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394); golang: net/http: memory exhaustion in Request.ParseMultipartForm...

CVSS 8.3, AI score 7.7, EPSS 0.02017
Exploits 0, References 18

OSV
added 2024/08/07 3:15 p.m., 22 views

CVE-2024-41990

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVSS 7.5, AI score 6.5
Exploits 0, References 4

NVD
added 2024/08/07 3:15 p.m., 13 views

CVE-2024-41990

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVSS 7.5, EPSS 0.01222
Exploits 0, References 4

GitHub Security Blog
added 2024/06/07 6:28 p.m., 7 views

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

AI score 6.7
Exploits 0, References 5, Affected Software 1

OSV
added 2024/04/29 4:15 a.m., 26 views

CVE-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

CVSS 7.5, AI score 7.4
Exploits 0, References 4

CVE
added 2024/04/09 12:56 a.m., 34 views

CVE-2024-30215

SAP Business Connector is affected by CVE-2024-30215, a cross-site scripting (XSS) vulnerability on the Resource Settings page. The issue allows a high-privilege attacker to load an exploitable payload that is stored and reflected when users visit the page, with potential information disclosure o...

CVSS 4.8, AI score 4.9, EPSS 0.00148
Exploits 0, References 2

Cvelist
added 2023/12/13 5:30 p.m., 21 views

CVE-2023-50777

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

AI score 5.5, EPSS 0.00032
Exploits 0, References 2

Veracode
added 2023/10/09 11:6 a.m., 17 views

Cross Site Scripting (XSS)

quill-mention is vulnerable to Cross Site Scripting. The vulnerability is due to mention.js and quill.mention.js as there is no escaping or sanitization for the list items which are rendered using innerHTML. This allows an attacker to insert a malicious script in innerHTML. When the script is...

CVSS 6.1, AI score 6.1, EPSS 0.01237
Exploits 1, References 5, Affected Software 1

WPVulnDB
added 2023/09/07 12:0 a.m., 16 views

Molongui < 4.6.20 - Reflected XSS

Description: The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 5.7, EPSS 0.00104
Exploits 0, Affected Software 1

WPVulnDB
added 2023/07/18 12:0 a.m., 15 views

ProfileGrid < 5.5.2 - Subscriber+ Arbitrary Option Update

Description: The plugin does not implement an adequate capability check on the 'profilemagicchecksmtpconnection' function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation...

CVSS 8.8, AI score 6.8, EPSS 0.00103
Exploits 0, References 1, Affected Software 1

OSV
added 2023/02/13 5:36 p.m., 7 views

GSD-2023-1002046 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...

AI score 7.2
Exploits 0

Vulnrichment
added 2022/12/15 12:1 a.m., 4 views

CVE-2022-23507 Light client verification not taking into account chain ID

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...

CVSS 5.4, AI score 5.7, EPSS 0.00073
Exploits 0, References 1

OSV
added 2022/12/08 2:48 a.m., 4 views

GSD-2022-1007938 riscv: process: fix kernel info leakage

riscv: process: fix kernel info leakage This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.79 by commit...

AI score 7.1
Exploits 0