CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVE-2024-1574

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...

CVE-2024-1574

CVE-2024-1574 is an Unsafe Reflection vulnerability in the licensing service of ICONICS/Mitsubishi Electric products. Affected: ICONICS GENESIS64 and ICONICS Suite (GENESIS64, Hyper Historian, AnalytiX, MobileHMI) up to version 10.97.2; ICONICS GENESIS32/BizViz lines up to 9.7; MC Works64 all ver...

PT-2024-8945

Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric MC Works64 all versions Description: The issue is related to the use of externally-controlled input to select classes or...

CVE-2024-36423 GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable remotely Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite Vulnerabilities : Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper...

The Bug Report - June 2024 Edition

The Bug Report - June 2024 Edition By Jonathan Omakun & Tobi Olawale · June 27, 2024 Why am I Here Welcome back to The Bug Report, the "so hot the server fans are sweating" edition! For those who are new to our monthly adventure, every month, our dedicated Advanced Research Center vulnerability...

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

PT-2024-7454 · Hewlett Packard · Hp Designjet

Name of the Vulnerable Software and Affected Versions: HP DesignJet products affected versions not specified Description: The issue is related to a credential reflection vulnerability in the SMTP Server Credential Handler component of HP DesignJet products' firmware. This vulnerability is...

Unsafe Reflection in base Component class

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

Cross-site Scripting

Overview Affected versions of this package are vulnerable to Cross-site Scripting through the dynamic setting of form legends in administrative interfaces. An attacker can execute arbitrary scripts in the context of the administrator's session by injecting malicious content into form fields that...

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

OESA-2024-1667 infinispan security update

Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...

GHSA-VH7Q-J8P5-2H4H silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions...

PT-2024-40479 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns a form that may populate a PasswordField with submitted data, reflecting it back to the user. This behavior is not considered best practice, as it may expose the user's own...

Commons-BeanUtils: Improper Access Restriction

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVE-2024-32887

Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it t...