CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255...

CVE-2024-0507

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration...

CVE-2024-12454

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...

CVE-2024-30212

If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...

CVE-2024-21843

Uncontrolled search path for some IntelR Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

CVE-2024-51491

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVE-2024-31179

Out-of-bounds Read vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of13::TableFeaturePropInstruction::unpack. This issue affects libfluid: 0.1.0...

CVE-2024-4403

A Cross-Site Request Forgery CSRF vulnerability exists in the restartprogram function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

SUSE-SU-2025:20354-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. - CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconne...

CVE-2024-11586

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected...

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System CHS versions prior to 3.5.3. ACL Access Control List is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

CVE-2023-0811

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII...