673 matches found
CVE-2024-24816
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Affected packages: The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html, plugins/plugin name/samples//.html. All integrators that use these samples in the production code can be affected. Impact: A potential vulnerability has been discovered in one of...
CVE-2024-24594
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...
Cross site scripting
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...
Allegro Cross-Site Scripting Vulnerability
Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A security vulnerability exists in Allegro AI ClearML. An attacker can exploit this vulnerability to execute a JavaScript payload when a user views the "Debug Samples" tab in the Web U...
PT-2024-20476 · Allegro Ai · Clearml
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform (affected versions not specified). Description: A cross-site scripting (XSS) vulnerability in the web server component of Allegro AI's ClearML platform allows a remote attacker to execute a JavaScript payload when a...
AZL-62324 CVE-2023-5841 affecting package OpenEXR 2.3.0-6
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
UBUNTU-CVE-2023-5841
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
Voice Cloning with Very Short Samples
New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper...
MAL-2024-69 Malicious code in automation.samples (npm)
Source: ghsa-malware (0a774b4130cbf36652fae63dee86aee2c0c60eeb25dd5be05dbe22c5a2dc1eab). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Surging JavaScript Threats Steal Your Secrets
Summary: The threat actors utilize malicious JavaScript samples, taking advantage of popular survey sites, low-quality hosting, and web chat APIs to steal sensitive information. They create chatbots registered under notable figures, like an Australian footballer, in specific campaigns...
CVE-2023-6863
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-04 07:52:04+00:00 | seen | https://t.me/ctinow/162817 |
| 2024-01-12 20:52:07+00:00 | seen | https://t.me/ctinow/167506 |
| 2024-01-12 21:17:15+00:00 | seen | https://t.me/ctinow/167528 |

...
OESA-2023-1931 sox security update
SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files, and, as an added bonus, SoX can play and record audio files on most platforms. Security...
IT threat evolution Q3 2023
IT threat evolution in Q3 2023. Targeted attacks: Unknown threat actor targets power generator with DroxiDat and Cobalt Strike. Earlier this year, we reported on a new variant of SystemBC called...
PT-2023-30581 · Cksource +1 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: CKEditor versions 4.15.1 and earlier; CKEditor versions prior to 4.24.0-lts. Description: A cross-site scripting issue has been found in CKSource CKEditor. An attacker could send malicious JavaScript code through the "samples/old/ajax.html" fil...
CKEditor Security Vulnerabilities
CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor 4.15.1 and earlier versions, which stems from the presence of a cross-site scripting vulnerability that allows an attacker to send malicious JavaScript code and retrieve information about an authorized...
CVE-2023-48011
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c...