3385 matches found
CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...
CVE-2024-33871
CVE-2024-33871 affects Artifex Ghostscript prior to 10.03.1. The issue is in contrib/opvp/gdevopvp.c where the Driver parameter for opvp (and oprp) devices can specify an arbitrary dynamic library name, which is then loaded when processing a crafted PostScript document. This allows arbitrary code...
CBL Mariner 2.0 Security Update: azure-iot-sdk-c (CVE-2024-27099)
The version of azure-iot-sdk-c installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27099 advisory. - The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an...
CVE-2024-38473
A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication. Mitigation: Mitigation for this issue is either not available or the currently available optio...
CVE-2024-38473
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38473 Apache HTTP Server proxy encoding problem
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...
PT-2024-12862 · WordPress · Goya Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Goya theme for WordPress versions up to, and including, 1.0.8.7 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...
CVE-2021-3079
Technical details for CVE-2021-3079 are not publicly available in the provided documents; monitor for updates.
CVE-2024-22231
CVE-2024-22231 affects Salt: Syndic cache directory creation is vulnerable to directory traversal during cache dir creation on the Salt master, enabling an attacker to create arbitrary directories. Reported across multiple advisories (Gentoo GLSA 202412-09; SUSE-SU-2024:1518-1; Debian/Ubuntu/NVD ...
Malicious code in Be.Vlaandеren.Basisrеgіstеrs.ProblemDetails (NuGet)
Malicious code in Be.Vlaaոderen.Basisregisters.Middleware.AdԁProblemJsonHeader (NuGet)
Malicious code in Be.Vlaaոdеren.Basisregisters.Middlewarе.AdԁProblemJsonHeader (NuGet)
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an authentication problem in the tipc module...
CVE-2023-38393
CVE-2023-38393 is a vulnerability in WordPress Ninja Forms plugin versions ≤ 3.6.25, described as Missing Authorization / Broken Access Control. The issue permits a user with Subscriber/Contributor roles to perform an unauthorized action (export of all Ninja Forms submissions) due to a broken acc...
CVE-2023-38386
CVE-2023-38386 affects the WordPress Ninja Forms plugin, specifically versions up to 3.6.25, due to a Missing Authorization/Broken Access Control issue in the form submissions export feature. Root cause involves insufficient access restrictions allowing certain users to export submissions. The CV...
CVE-2023-35049
CVE-2023-35049 affects the WordPress WooCommerce Stripe Payment Gateway plugin
CVE-2023-44148
CVE-2023-44148 affects the WordPress Astra Bulk Edit plugin (
CVE-2023-44151
The CVE-2023-44151 entry corresponds to a Broken Access Control vulnerability in the WordPress Pre-Publish Checklist plugin (versions ≤ 1.1.1). The root cause is missing authorization/authentication validation, enabling access control bypass related to the Pre-Publish Checklist feature. Affected ...