30459 matches found
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Summary If values passed to a ColorColumn or ColumnEntry are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected...
Exploit for Special Element Injection in Google Android
CVE-2024-0044/A-307532206https://nvd.nist.gov/vuln/detail/CVE...
GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identifed similar issues in other popular...
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identifed similar issues in other popular...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CLSA-2024-1727287647 emacs: Fix of CVE-2024-48337
CVE-2024-48337: fix etags local command injection vulnerability...
CVE-2024-47082
The CVE-2024-47082 entry describes a vulnerability in Strawberry GraphQL where multipart file upload support was enabled by default in HTTP view integrations prior to version 0.243.0, enabling CSRF attacks if CSRF protection was not explicitly enabled. The Django HTTP view integration had a defau...
CGA-WQ89-7PPW-PMC8
Bulletin has no description...
CGA-FQMR-R24H-HRGP
Bulletin has no description...
WordPress Templately Plugin <= 3.1.2 is vulnerable to Broken Access Control
Software Templately Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47308 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e4f1c6a95d39 Credits Joshua Chan Required privile...
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...
PT-2024-31673 · Zimbra · Zimbra Collaboration +2
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A Cross-Site Scripting XSS issue exists due to insufficient sanitization of the packages parameter in one of the endpoints of Zimbra Webmail. This allows attackers to bypass...
PT-2024-10293 · Google +1 · Google Messages +1
The vulnerable software is Samsung's Monkey's Audio APE decoder, used in Samsung smartphones running Android versions 12, 13, and 14. The vulnerability is a high-severity out-of-bounds write flaw that allows remote attackers to execute arbitrary code on the device without any user interaction. Th...
CVE-2024-42351 Possible Data Tampering & Loss of Public Datasets in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy and...
CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
CVE-2024-45808 Malicious log injection via access logs in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTEDSERVERNAME field for access logger...
CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...