Lucene search
K

30456 matches found

Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.6 views

PT-2024-36379 · Apple · Macos Sonoma +7

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.2 tvOS versions prior to 18.2 macOS Sequoia versions prior to 15.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 macOS Ventura versions prior to 13.7.2 macOS Sonoma versions prior to 14.7.2 Description:...

5.5CVSS6AI score0.0324EPSS
Exploits0References15
Oracle linux
Oracle linux
added 2024/12/11 12:0 a.m.259 views

php:8.2 security update

libzip php 8.2.25-1 - rebase to 8.2.25 RHEL-66166 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip...

7.5CVSS7.3AI score0.3786EPSS
Exploits5
CVE
CVE
added 2024/12/10 4:58 p.m.66 views

CVE-2024-55602

PwnDoc vulnerability CVE-2024-55602 allows an authenticated user who can update and download templates to perform path traversal ("../") in the file extension field, enabling arbitrary file reads on the host. The issue is triggered prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, which i...

8.5CVSS7.4AI score0.00669EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/12/10 4:58 p.m.12 views

CVE-2024-55602 PenDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

7.6CVSS6.7AI score0.00669EPSS
Exploits1References7
OSV
OSV
added 2024/12/10 4:55 p.m.8 views

GHSA-VMG2-R3XV-R3XF Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

7AI score
Exploits0References2
OSV
OSV
added 2024/12/10 4:54 p.m.12 views

GHSA-5462-4VCX-JH7J Angular Expressions - Remote Code Execution when using locals

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...

9.3CVSS9.7AI score0.02257EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/12/10 4:54 p.m.38 views

Angular Expressions - Remote Code Execution when using locals

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...

9.3CVSS7.9AI score0.02257EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/12/10 3:37 p.m.35 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

9.3CVSS0.02257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 3:37 p.m.19 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

9.3CVSS8.2AI score0.02257EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 3:37 p.m.70 views

CVE-2024-54152

CVE-2024-54152 affects angular-expressions (Angular Expressions) prior to version 1.4.3. A malicious expression can escape the sandbox and enable arbitrary code execution; a more complex payload may grant full control. The issue is fixed in 1.4.3. Workarounds include disabling global access to pr...

9.3CVSS7.6AI score0.02257EPSS
Exploits0References2
OSV
OSV
added 2024/12/10 3:37 p.m.16 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

9.3CVSS9.2AI score0.02257EPSS
Exploits0References4
Ivanti
Ivanti
added 2024/12/10 3:0 p.m.24 views

Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)

Summary Ivanti has released updates for Ivanti Cloud Services Application which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score...

10CVSS9.2AI score0.23598EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.10 views

PT-2025-26186

Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.11.11 Description An unauthenticated malicious actor can execute arbitrary code by using the '/locales/locale.json' endpoint with the locale and namespace query parameters. This flaw allows for complete server...

10CVSS7.6AI score0.13105EPSS
Exploits28References23
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.5 views

PT-2024-9328

Name of the Vulnerable Software and Affected Versions Windows Lightweight Directory Access Protocol LDAP versions prior to the fixed version Description The vulnerability is related to an integer overflow in the Windows Lightweight Directory Access Protocol LDAP service, allowing remote attackers...

10CVSS10AI score0.70906EPSS
Exploits3References153
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/10 12:0 a.m.9 views

Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/10 12:0 a.m.8 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

7AI score
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2024/12/09 9:11 p.m.13 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS5.8AI score0.00563EPSS
Exploits0
OSV
OSV
added 2024/12/09 9:11 p.m.8 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS5.3AI score0.00563EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/12/09 8:41 p.m.23 views

Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...

8.4CVSS7AI score0.00397EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/12/09 3:15 a.m.15 views

CVE-2024-55579

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14,...

8.8CVSS0.00477EPSS
Exploits0References1
Rows per page
Query Builder