PT-2024-36379 · Apple · macOS Sonoma +7
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.2; tvOS versions prior to 18.2; macOS Sequoia versions prior to 15.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2; macOS Ventura versions prior to 13.7.2; macOS Sonoma versions prior to 14.7.2. Description:...
php:8.2 security update
libzip php 8.2.25-1 - rebase to 8.2.25 RHEL-66166 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip...
CVE-2024-55602
PwnDoc vulnerability CVE-2024-55602 allows an authenticated user who can update and download templates to perform path traversal ("../") in the file extension field, enabling arbitrary file reads on the host. The issue is triggered prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, which i...
CVE-2024-55602 PwnDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...
GHSA-VMG2-R3XV-R3XF Simulation of Wasmd message can cause crashing
CWA-2024-009. Severity: Low (Marginal + Likely)^1. Affected versions: wasmd 0.53.1. Patched versions: wasmd 0.53.2 (please note that wasmd 0.53.1 is broken and must not be used). Description of the bug: Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations: Apart from...
GHSA-5462-4VCX-JH7J Angular Expressions - Remote Code Execution when using locals
Impact: An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require("angular-expressions"); const result = expressions.compile("__proto__.constructor")({}, {}); // result should be undefined, however fo...
Angular Expressions - Remote Code Execution when using locals
Impact: An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require("angular-expressions"); const result = expressions.compile("__proto__.constructor")({}, {}); // result should be undefined, however fo...
CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
CVE-2024-54152
CVE-2024-54152 affects angular-expressions (Angular Expressions) prior to version 1.4.3. A malicious expression can escape the sandbox and enable arbitrary code execution; a more complex payload may grant full control. The issue is fixed in 1.4.3. Workarounds include disabling global access to pr...
Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)
Summary: Ivanti has released updates for Ivanti Cloud Services Application which address medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score...
PT-2025-26186
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.11. Description: An unauthenticated malicious actor can execute arbitrary code by using the '/locales/locale.json' endpoint with the locale and namespace query parameters. This flaw allows for complete server...
PT-2024-9328
Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol (LDAP) versions prior to the fixed version. Description: The vulnerability is related to an integer overflow in the Windows Lightweight Directory Access Protocol (LDAP) service, allowing remote attackers...
Simulation of Wasmd message can cause crashing
CWA-2024-009. Severity: Low (Marginal + Likely)^1. Affected versions: wasmd 0.53.1. Patched versions: wasmd 0.53.2 (please note that wasmd 0.53.1 is broken and must not be used). Description of the bug: Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations: Apart from...
Panic in wasmvm can slow down block production
CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...
CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601 Hugo does not escape some attributes in internal templates
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Impact: Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...
CVE-2024-55579
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14,...