11229 matches found
CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...
CVE-2024-50333 RCE in ModuleBuilder in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels function can be used to write attacker-controlled data into the custom language file that will be includ...
Exploit for Code Injection in Vmware Spring_Framework
Expoitation-de-la-vuln-rabilit-CVE-2022-22965 The vulnerability...
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Summary: XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. Details: When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the...
GHSA-WVV7-WM5V-W2GV Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Summary: XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. Details: When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the...
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Ow...
Exploit for Code Injection in Ejs
THM Challenge: SSTI RCE...
GHSA-5P5R-57FX-PMFR Langflow vulnerable to remote code execution
langflow <= 1.0.18 is vulnerable to Remote Code Execution (RCE), as any component provides the code functionality and the components run on the local machine rather than in a sandbox...
Security Bulletin: IBM DataPower Gateway potentially vulnerable to RCE vulnerability
Summary: IBM DataPower Gateway does not support the affected character-set. Out of an abundance of caution, IBM has applied the remediation for this CVE. Vulnerability Details: CVEID: CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caus...
CVE-2024-51661 WordPress Media Library Assistant plugin <= 3.19 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant (media-library-assistant) allows Command Injection. This issue affects Media Library Assistant: from n/a through <= 3.19...
RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...
CVE-2024-51774
A flaw was found in qBittorrent's DownloadManager component. This vulnerability allows remote code execution via improper validation of SSL/TLS certificates, enabling attackers to perform man-in-the-middle and RCE attacks...
Exploit for Missing Authentication for Critical Function in Cyberpanel
CVE-2024-51567 Exploit Script CVE-2024-51567 is a Python...
CVE-2024-48359
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter...
CVE-2023-52044
Studio-42 elFinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.37 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2024-48359
Qualitor v8.24 contains a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. Affected software is Qualitor (v8.24); underlying root cause is not detailed in the provided documents. Impact is high (CVE-2024-48359, CVSS 3.1: 9.8). Remediation/status: PT-Security notes...
Important: httpd24
Issue Overview: Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Apache HTTP Server versions 2.4.20 to 2.4.43: a specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to...