Lucene search

28972 matches found

Hacker One
added 2025/02/12 12:30 p.m. | 1623 views

curl: Format string vulnerability, curl_msnprintf() function

Summary: A vulnerability has been identified in the curl library’s formatted output functions specifically in curl_msnprintf and its related functions. When a malicious attacker-controlled format string containing the %hn conversion specifier is passed, the function incorrectly attempts to write t...

AI score: 7.4 | Exploits: 0
CISA KEV Catalog
added 2025/02/11 12:0 a.m. | 17 views

Zyxel DSL CPE OS Command Injection Vulnerability

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.4588 | In wild | Exploits: 0
Tenable Nessus
added 2025/02/10 12:0 a.m. | 11 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-42246)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42246 advisory. - In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.0001 | Exploits: 0 | References: 2
Fedora
added 2025/02/09 1:32 a.m. | 3 views

[SECURITY] Fedora 40 Update: stalld-1.19.8-1.fc40

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds...

CVSS: 4.1 | AI score: 7 | EPSS: 0.00029 | Exploits: 0
Fedora
added 2025/02/08 2:17 a.m. | 8 views

[SECURITY] Fedora 41 Update: stalld-1.19.8-1.fc41

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds...

CVSS: 4.1 | AI score: 7.3 | EPSS: 0.00029 | Exploits: 0
Wordfence Blog
added 2025/02/07 4:53 p.m. | 65 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 27, 2025 to February 2, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.26359 | Exploits: 15
MSRC
added 2025/02/07 8:0 a.m. | 9 views

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot AI Bounty Program. These changes are designed to enhance the program's effectiveness, incentivize...

AI score: 7.2 | Exploits: 0
CNNVD
added 2025/02/07 12:0 a.m. | 0 views

trojan security vulnerability

trojan is a multi-user administration and deployment program by Jrohy Individual Developer, supporting web page administration. A security vulnerability exists in trojan versions v.2.0.0 through v.2.15.3, which is caused by elevation of privilege via the initialization interface /auth/register...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.04871 | Exploits: 2 | References: 1
RedhatCVE
added 2025/02/05 8:59 p.m. | 5 views

CVE-2022-46163

Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00833 | Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 4:50 p.m. | 6 views

CVE-2020-7880

The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This issue allows a remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...

CVSS: 9.3 | AI score: 7 | EPSS: 0.00734 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 1:0 p.m. | 9 views

CVE-2024-25100

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection. This issue affects Coupon Referral Program: from n/a before 1.8.4...

CVSS: 10 | AI score: 8.6 | EPSS: 0.00826 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 11:9 a.m. | 3 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00307 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 10:50 a.m. | 4 views

CVE-2024-21690

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery)...

CVSS: 8.2 | AI score: 6.4 | EPSS: 0.00673 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 10:49 a.m. | 12 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS: 8 | AI score: 7.5 | EPSS: 0.37171 | Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 10:15 a.m. | 10 views

CVE-2024-3646

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

CVSS: 8 | AI score: 7.4 | EPSS: 0.00474 | Exploits: 0 | References: 1
GithubExploit
added 2025/02/05 10:4 a.m. | 602 views

Exploit for Path Traversal in Gradio_Project Gradio

CVE-2024-1728 CVE-2024-1728 POC A serious vulnerability has be...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.85087 | Exploits: 2
RedhatCVE
added 2025/02/05 6:25 a.m. | 3 views

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

CVSS: 7.6 | AI score: 7.6 | EPSS: 0.00156 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 5:38 a.m. | 3 views

CVE-2024-1374

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required acce...

CVSS: 9.1 | AI score: 7.4 | EPSS: 0.03623 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 5:25 a.m. | 3 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVSS: 9.1 | AI score: 7.4 | EPSS: 0.00486 | Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 5:24 a.m. | 3 views

CVE-2024-1359

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVSS: 9.1 | AI score: 7.5 | EPSS: 0.00584 | Exploits: 0 | References: 1