Lucene search

30456 matches found

NVD · added 2024/11/05 7:15 p.m. · 29 views

CVE-2024-50335

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to...

CVSS 5.4 · EPSS 0.00299 · Exploits 1 · References 1
PyPA · added 2024/11/05 7:15 p.m. · 8 views

PYSEC-2024-201

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

CVSS 6.1 · AI score 6.1 · EPSS 0.00265 · Exploits 0 · References 1 · Affected software 1
CVE · added 2024/11/05 6:42 p.m. · 56 views

CVE-2024-50335

The CVE-2024-50335 issue affects SuiteCRM, where the Publish Key field in the Edit Profile page is vulnerable to Reflected XSS, enabling an attacker to inject JavaScript and steal CSRF tokens to forge requests that create new administrative users without authentication. Root cause is insufficient ...

CVSS 5.4 · AI score 5 · EPSS 0.00299 · Exploits 1 · References 1 · Affected software 1
OSV · added 2024/11/05 6:17 p.m. · 12 views

CVE-2024-51493 API key access in settings without reauthentication in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

CVSS 5.3 · AI score 6.2 · EPSS 0.00282 · Exploits 0 · References 3
OSV · added 2024/11/05 5:34 p.m. · 10 views

GHSA-V2QH-F584-6HJ8 @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

Impact: Refresh tokens are logged to the console when the debug flag, which is disabled by default, is enabled. Patches: Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1...

CVSS 2 · AI score 6.3 · EPSS 0.00215 · Exploits 0 · References 5
CVE · added 2024/11/05 5:10 p.m. · 110 views

CVE-2024-50118

CVE-2024-50118 relates to the Linux kernel Btrfs remount/RW reconfiguration path. The issue arises during mounting different subvolumes with conflicting RO/RW flags: an initial read-only mount (ro) followed by an attempt to remount a subvolume as read/write, with options/feature checks being skip...

CVSS 5.5 · AI score 5.2 · EPSS 0.00186 · Exploits 0 · References 2 · Affected software 1
CVE · added 2024/11/05 5:10 p.m. · 168 views

CVE-2024-50106

The CVE-2024-50106 entry concerns the Linux kernel (nfsd) and describes a race between laundromat handling of revoked delegations and a client issuing free_stateid, which can lead to a use-after-free of a delegation stateid if a new open finds a non-empty lease list and dereferences a freed stateid....

CVSS 7.8 · AI score 6.2 · EPSS 0.00213 · Exploits 0 · References 2 · Affected software 1
Oracle Linux · added 2024/11/05 12:00 a.m. · 320 views

kernel security update

4.18.0-553.27.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVSS 9.8 · AI score 7.7 · EPSS 0.01483 · Exploits 0
OSV · added 2024/11/04 12:00 a.m. · 15 views

ALSA-2024:8793 Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XSS due to Content-Disposition being ignored in...

CVSS 9.8 · AI score 8.7 · EPSS 0.00815 · Exploits 0 · References 22
OSV · added 2024/11/01 5:26 p.m. · 6 views

MGASA-2024-0343 Updated buildah, podman, skopeo packages fix security vulnerabilities

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

CVSS 8.6 · AI score 7 · EPSS 0.02085 · Exploits 0 · References 10
CBL-Mariner · added 2024/11/01 4:41 p.m. · 15 views

CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19

CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19. A patched version of the package is available...

CVSS 4.3 · AI score 5.1 · EPSS 0.01956 · Exploits 0
CBL-Mariner · added 2024/11/01 4:41 p.m. · 14 views

CVE-2024-8006 affecting package libpcap for versions less than 1.10.1-3

CVE-2024-8006 affecting package libpcap for versions less than 1.10.1-3. A patched version of the package is available...

CVSS 4.4 · AI score 7 · EPSS 0.0022 · Exploits 0
SUSE Linux · added 2024/11/01 3:32 p.m. · 2 views

Security update for rubygem-actionmailer-5_1

This update for rubygem-actionmailer-5_1 fixes the following issues: CVE-2024-47889: Fixed possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 5.9 · AI score 7.5 · EPSS 0.00944 · Exploits 0 · References 4
Positive Technologies · added 2024/11/01 12:00 a.m. · 6 views

PT-2024-34620 · Unknown · Open Floodlight Sdn Controller

Name of the Vulnerable Software and Affected Versions: Floodlight SDN OpenFlow Controller version 1.2. Description: The issue allows local hosts to build fake LLDP packets, which can cause Floodlight to miss specific clusters. This, in turn, leads to missed hosts inside and outside the cluster. T...

CVSS 6.2 · AI score 6.3 · EPSS 0.0023 · Exploits 1 · References 9
Amazon · added 2024/11/01 12:00 a.m. · 18 views

Important: qt5-qttools

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

CVSS 8.6 · AI score 7.8 · EPSS 0.00494 · Exploits 0
Cvelist · added 2024/10/31 6:02 p.m. · 30 views

CVE-2024-50356 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA, even though they would not be able to log in by bypassing the 2FA. Onl...

EPSS 0.00361 · Exploits 0 · References 2
Positive Technologies · added 2024/10/31 12:00 a.m. · 4 views

PT-2024-33089 · Qualitor · Qualitor

Name of the Vulnerable Software and Affected Versions: Qualitor version 8.24. Description: The issue is a remote code execution (RCE) vulnerability. It can be exploited via the gridValoresPopHidden parameter. Recommendations: For Qualitor version 8.24, avoid using the gridValoresPopHidden parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.02221 · Exploits 2 · References 7
OSV · added 2024/10/29 6:40 p.m. · 3 views

CLSA-2024-1730227233 Fix CVE(s): CVE-2024-8925

SECURITY UPDATE: prevent erroneous parsing - debian/patches/CVE-2024-8925.patch: limit boundary size to prevent erroneous parsing in multipart/form-data POST data - CVE-2024-8925...

CVSS 5.3 · AI score 6.8 · EPSS 0.00947 · Exploits 1 · References 1
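The CLSA-2024-1730227233 entry above describes the CVE-2024-8925 fix only as "limit boundary size to prevent erroneous parsing in multipart/form-data POST data". The following is an added example, not PHP's code and not the CloudLinux patch: a small multipart/form-data reader that validates the boundary parameter up front (length and character set as RFC 2046 section 5.1.1 defines them, at most 70 characters) before it ever splits the body, so an oversized or malformed boundary is rejected instead of being parsed "erroneously". The 70-character limit is the RFC's, not necessarily the exact cut-off the PHP patch chose, and the sample request is constructed.

```python
# Added example, not PHP's own code or the CloudLinux patch. Validates the
# multipart boundary (RFC 2046 s5.1.1 length and character set) before parsing
# the body. The sample request below is constructed, not captured traffic.
import re

BOUNDARY_MAX_LEN = 70  # RFC 2046 s5.1.1: 1 to 70 characters, no trailing space
_BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{1,70}")


class MultipartError(ValueError):
    """Raised for any request this reader refuses to parse."""


def parse_boundary(content_type: str) -> str:
    """Extract and validate the boundary from a Content-Type header value."""
    media_type, _, params = content_type.partition(";")
    if media_type.strip().lower() != "multipart/form-data":
        raise MultipartError("not multipart/form-data")
    boundary = None
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            boundary = value.strip().strip('"')
    if not boundary:
        raise MultipartError("missing boundary")
    if len(boundary) > BOUNDARY_MAX_LEN:
        raise MultipartError(f"boundary longer than {BOUNDARY_MAX_LEN} characters")
    if not _BCHARS.fullmatch(boundary) or boundary.endswith(" "):
        raise MultipartError("boundary contains illegal characters")
    return boundary


def boundary_is_acceptable(content_type: str) -> bool:
    """Yes/no wrapper around parse_boundary for callers that only gate requests."""
    try:
        parse_boundary(content_type)
        return True
    except MultipartError:
        return False


def parse_multipart(body: bytes, boundary: str) -> list:
    """Split a body into parts. The CRLF before each '--boundary' belongs to
    the delimiter, not to the preceding part, so split on CRLF + delimiter."""
    dash_boundary = b"--" + boundary.encode("ascii")
    if body.startswith(dash_boundary):      # no preamble: synthesise the CRLF
        body = b"\r\n" + body
    parts = []
    for chunk in body.split(b"\r\n" + dash_boundary)[1:]:
        if chunk.startswith(b"--"):         # close delimiter; ignore epilogue
            break
        if not chunk.startswith(b"\r\n"):
            raise MultipartError("delimiter not followed by CRLF")
        header_blob, sep, data = chunk[2:].partition(b"\r\n\r\n")
        if not sep:
            raise MultipartError("part without header/body separator")
        headers = {}
        for line in header_blob.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(":")
            headers[name.strip().lower()] = value.strip()
        parts.append({"headers": headers, "data": data})
    if not parts:
        raise MultipartError("no parts found")
    return parts


def parse_request(content_type: str, body: bytes) -> list:
    """Validate the boundary first, then parse the body with it."""
    return parse_multipart(body, parse_boundary(content_type))


# Constructed sample request (not captured traffic).
SAMPLE_BOUNDARY = "----ExampleBoundary7MA4YWxk"
SAMPLE_CONTENT_TYPE = f"multipart/form-data; boundary={SAMPLE_BOUNDARY}"
SAMPLE_BODY = (
    b"------ExampleBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="user"\r\n'
    b"\r\n"
    b"alice\r\n"
    b"------ExampleBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"------ExampleBoundary7MA4YWxk--\r\n"
)

if __name__ == "__main__":
    for part in parse_request(SAMPLE_CONTENT_TYPE, SAMPLE_BODY):
        print(part["headers"].get("content-disposition"), part["data"])
    oversized = "multipart/form-data; boundary=" + "A" * (BOUNDARY_MAX_LEN + 1)
    print("oversized boundary accepted:", boundary_is_acceptable(oversized))
```

The order matters: the boundary is checked before any byte of the body is touched, so a hostile boundary cannot steer the splitting logic, and the CRLF preceding each delimiter is consumed as part of the delimiter rather than left on the previous part's data.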
OSV · added 2024/10/29 2:36 p.m. · 21 views

CVE-2024-50334 Semicolon Path Injection on API /api;/config

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

CVSS 8.7 · AI score 7.2 · EPSS 0.01008 · Exploits 0 · References 3
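The CVE-2024-50334 entry above says only that appending a semicolon to the URL bypasses authentication on /api;/config. The following is an added example, not Scoold's code, illustrating the general pattern behind that class of bug: a servlet container treats ";key=value" inside a path segment as a matrix (path) parameter and drops it before dispatching, so a filter that makes its authorisation decision on the raw request path sees "/api;/config" as something other than "/api/config" while the request is still routed to the protected handler. The protected prefix, the prefix-matching filter and the assumption that this is Scoold's root cause are all mine; the hardened check normalises the path the same way the dispatcher will before deciding.

```python
# Added example, not Scoold's own code. Contrasts an auth check made on the
# raw request path with one made on the normalised path the container routes
# on. PROTECTED_PREFIXES and the prefix-matching filter are assumptions.
from urllib.parse import unquote

PROTECTED_PREFIXES = ("/api/config",)   # assumed: paths that require auth


def naive_requires_auth(raw_path: str) -> bool:
    """Vulnerable pattern: authorisation decided on the raw request path."""
    return any(raw_path.startswith(p) for p in PROTECTED_PREFIXES)


def strip_matrix_params(path: str) -> str:
    """Drop ';key=value' (matrix/path parameters) from every path segment,
    mirroring what a servlet container does before matching the servlet path."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def normalize_path(raw_path: str) -> str:
    """Canonical form used by the hardened check: query removed, percent-decoded
    exactly once, matrix parameters stripped, empty and dot segments resolved."""
    path = strip_matrix_params(unquote(raw_path.split("?", 1)[0]))
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def hardened_requires_auth(raw_path: str) -> bool:
    """Authorise on the same canonical path the dispatcher will route on."""
    return any(normalize_path(raw_path).startswith(p) for p in PROTECTED_PREFIXES)


def bypass_report(raw_path: str) -> dict:
    """Summarise how each check treats one request path."""
    return {
        "raw": raw_path,
        "dispatched_as": normalize_path(raw_path),
        "naive_check": naive_requires_auth(raw_path),
        "hardened_check": hardened_requires_auth(raw_path),
    }


if __name__ == "__main__":
    # Constructed request paths: the plain one, the semicolon variant from the
    # advisory title, a session-id style matrix parameter, and a percent-encoded
    # semicolon that only appears after decoding.
    for p in ("/api/config", "/api;/config", "/api;jsessionid=x/config", "/api%3B/config"):
        print(bypass_report(p))
```

The general lesson the example is meant to carry: any authorisation layer that sits in front of a router must canonicalise the path with the same rules the router uses (matrix parameters, percent-decoding, dot segments, duplicate slashes), or the two will disagree on exactly the inputs an attacker chooses to send. Prefix matching is used here only for brevity; a real filter would match whole segments.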
Positive Technologies · added 2024/10/29 12:00 a.m. · 3 views

PT-2024-10604 · Unknown · Lunad3V Areaload

Name of the Vulnerable Software and Affected Versions: LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. Description: A critical issue affects the processing of the file request.php, where the manipulation of the phone argument leads to SQL injection. The estimated number of...

CVSS 5.5 · AI score 7.6 · EPSS 0.00291 · Exploits 0 · References 7