11231 matches found
CVE-2024-34391 libxmljs attrs type confusion RCE
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL...
CVE-2024-4128
The CVE-2024-4128 issue affects the Firebase tools emulator suite (firebase-tools). A CSRF vulnerability exists via the export endpoint that can allow a malicious website to exfiltrate emulator data when a user with the emulator open visits the site if localhost calls are possible. Affected compo...
Mongo-Express < 0.54.0 RCE
The version of the mongo-express Node.js module installed on the remote host is prior to 0.54.0. It is, therefore, affected by a remote code execution vulnerability via endpoints that use the 'toBSON' method. A misuse of the vm dependency allows performing 'exec' commands in a non-safe environmen...
Fedora 40 : ruby (2024-14db7b21a2)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-14db7b21a2 advisory. Upgrade to Ruby 3.3.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Exploit for SQL Injection in Valvepress Automatic
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection i...
Important: Red Hat Security Advisory: shim security update
An update for shim is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
RHEL 8 : OpenShift Container Platform 4.9.59 (RHSA-2023:1524)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1524 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6172 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
CVE-2024-32878
Summary: CVE-2024-32878 affects llama.cpp (C/C++) with a use of an uninitialized heap variable in gguf_init_from_file. The vulnerability can cause a crash (DoS) and may allow arbitrary code execution if an attacker crafts input. The issue has been patched in commit b2740. What’s affected (based o...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publication...
CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios S.I.L. 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request...
Exploit for Injection in Arjunsharda Searchor
CVE-2023-43364-Exploit-CVE This is a python script to exploit...