30459 matches found

Github Security Blog · added 2024/09/27 8:51 p.m. · 19 views

Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

Summary If values passed to a ColorColumn or ColorEntry are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected...

CVSS 6.1 · AI score 6.1 · EPSS 0.00383
Exploits 0 · References 4 · Affected software 2
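The Filament entry above turns on colour values that reach the page unvalidated. The following is an added example, not code from Filament or from the advisory: a Python allow-list validator for the CSS colour syntaxes a colour cell should ever carry, next to a hypothetical template that interpolates the value into a style attribute. It shows why validation is the primary control here: a genuine colour never contains a quote, angle bracket, semicolon or brace, so an allow-list leaves nothing for an attacker to break out with, and output escaping then only has to catch what validation missed. The named-colour set is a deliberately small constructed subset, the two render functions are illustrative rather than Filament's markup, and the payload is constructed test input.

```python
import html
import re

# Constructed allow-list of colour syntaxes.  A valid CSS colour never
# contains quotes, angle brackets, semicolons or braces, so matching the
# value against these shapes is what keeps it inert inside markup.
_HEX = re.compile(r"^#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$")
_FUNC = re.compile(r"^(?:rgba?|hsla?)\(\s*[\w.%\s,/-]+\s*\)$", re.IGNORECASE)
_NAMED = frozenset({
    "black", "white", "red", "green", "blue", "yellow", "orange", "purple",
    "gray", "grey", "transparent", "rebeccapurple", "currentcolor",
})  # small subset for the example; a real implementation uses the full CSS list


def is_valid_css_color(value) -> bool:
    """True only if `value` is one of the accepted colour syntaxes."""
    if not isinstance(value, str) or len(value) > 64:
        return False
    v = value.strip()
    return bool(_HEX.match(v) or _FUNC.match(v) or v.lower() in _NAMED)


def safe_color(value, default: str = "#000000") -> str:
    """Return the validated colour, or a neutral default for anything else."""
    return value.strip() if is_valid_css_color(value) else default


def render_swatch_unsafe(value: str) -> str:
    """Hypothetical unguarded template: the raw value lands in a style attribute."""
    return f'<span style="background-color: {value}"></span>'


def render_swatch(value) -> str:
    """Hardened version: validate, fall back to a default, escape as a last line of defence."""
    return f'<span style="background-color: {html.escape(safe_color(value), quote=True)}"></span>'


if __name__ == "__main__":
    payload = 'red" onmouseover="alert(1)'   # constructed attribute-breakout input
    print(render_swatch_unsafe(payload))     # the quote closes the attribute
    print(render_swatch(payload))            # neutral default, no attacker text
```

The validator rejects before rendering rather than trying to escape a value that is already in the wrong shape; a colour that fails the allow-list is not "a colour with odd characters", it is not a colour, so substituting a default is the correct outcome.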
GithubExploit · added 2024/09/27 9:02 a.m. · 778 views

Exploit for Special Element Injection in Google Android

CVE-2024-0044 / A-307532206 https://nvd.nist.gov/vuln/detail/CVE...

CVSS 7.8 · AI score 7.8 · EPSS 0.0146
Exploits 28
OSV · added 2024/09/26 5:54 p.m. · 25 views

GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that lead to Cross-site Scripting

Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we've identified similar issues in other popular...

CVSS 6.4 · AI score 6 · EPSS 0.00311
Exploits 0 · References 5
Github Security Blog · added 2024/09/26 5:54 p.m. · 58 views

Layui has DOM Clobbering gadgets that lead to Cross-site Scripting

Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we've identified similar issues in other popular...

CVSS 6.4 · AI score 5.3 · EPSS 0.00311
Exploits 0 · References 5 · Affected software 1
Vulnrichment · added 2024/09/25 9:21 p.m. · 13 views

CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the client_secret used in the service principal authentication, may be...

CVSS 8.8 · AI score 6.9 · EPSS 0.01468
Exploits 0 · References 3
Github Security Blog · added 2024/09/25 6:21 p.m. · 26 views

Cross-Site Request Forgery (CSRF) in strawberry-graphql

Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...

CVSS 8 · AI score 7.2 · EPSS 0.00223
Exploits 0 · References 6 · Affected software 1
PyPA · added 2024/09/25 6:15 p.m. · 6 views

PYSEC-2024-171

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8 · AI score 7 · EPSS 0.00223
Exploits 0 · References 3 · Affected software 1
OSV · added 2024/09/25 6:15 p.m. · 9 views

PYSEC-2024-171

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8 · AI score 8 · EPSS 0.00223
Exploits 0 · References 3
OSV · added 2024/09/25 6:12 p.m. · 6 views

CLSA-2024-1727287647 emacs: Fix of CVE-2024-48337

CVE-2024-48337: fix etags local command injection vulnerability...

AI score 5.8
Exploits 0 · References 1
CVE · added 2024/09/25 5:48 p.m. · 95 views

CVE-2024-47082

The CVE-2024-47082 entry describes a vulnerability in Strawberry GraphQL where multipart file upload support was enabled by default in HTTP view integrations prior to version 0.243.0, enabling CSRF attacks if CSRF protection was not explicitly enabled. The Django HTTP view integration had a defau...

CVSS 8 · AI score 5.3 · EPSS 0.00223
Exploits 0 · References 3 · Affected software 1
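The four Strawberry GraphQL entries above (the Github Security Blog advisory, the two PYSEC-2024-171 records and CVE-2024-47082) all describe the same mechanism: a browser will submit `multipart/form-data` cross-site from a plain HTML form without a CORS preflight, so an endpoint that accepts multipart bodies by default is forgeable in a way a JSON-only endpoint is not. The following is an added example in Python (Strawberry's language), not Strawberry's own code or API: it classifies a request by whether a form could have produced it, and gates it the way the advisory's remediation implies, with uploads off unless opted in and any form-forgeable body required to carry an allowed Origin (or Referer). The `Request` class, the `multipart_uploads_enabled` flag name and the allowed-origin set are constructed for the example.

```python
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple

# Media types a browser will send cross-site from a plain <form> without a CORS
# preflight.  A JSON body is not on this list, which is why a JSON-only GraphQL
# endpoint cannot be forged by a form while a multipart-accepting one can.
CORS_SAFELISTED_TYPES = frozenset({
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
})


@dataclass
class Request:
    """Constructed stand-in for a framework request object."""
    method: str
    headers: Mapping[str, str]


def header(req: Request, name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    name = name.lower()
    for k, v in req.headers.items():
        if k.lower() == name:
            return v
    return None


def media_type(content_type: Optional[str]) -> str:
    """'multipart/form-data; boundary=abc' -> 'multipart/form-data'."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def is_form_forgeable(req: Request) -> bool:
    """True if an attacker-controlled page could emit this POST without a preflight."""
    if req.method.upper() != "POST":
        return False
    return media_type(header(req, "content-type")) in CORS_SAFELISTED_TYPES


def origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, used when only Referer is present."""
    return "/".join(url.split("/", 3)[:3]).lower()


def origin_allowed(req: Request, allowed_origins) -> bool:
    """Origin header preferred, Referer as fallback; neither present -> reject."""
    origin = header(req, "origin")
    if origin is None:
        referer = header(req, "referer")
        if referer is None:
            return False
        origin = origin_of(referer)
    return origin.lower() in {o.lower() for o in allowed_origins}


def authorize(req: Request, *, multipart_uploads_enabled: bool, allowed_origins) -> Tuple[bool, str]:
    """Gate a GraphQL POST: multipart off unless opted in (the advisory's fix),
    and any form-forgeable body must come from an allowed origin."""
    mt = media_type(header(req, "content-type"))
    if mt == "multipart/form-data" and not multipart_uploads_enabled:
        return False, "multipart uploads are disabled"
    if is_form_forgeable(req) and not origin_allowed(req, allowed_origins):
        return False, f"cross-site {mt} request rejected"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: a forged multipart POST from another origin vs. a JSON POST.
    allowed = {"https://app.example"}
    forged = Request("POST", {"Content-Type": "multipart/form-data; boundary=xyz",
                              "Origin": "https://evil.example"})
    print(authorize(forged, multipart_uploads_enabled=True, allowed_origins=allowed))
    print(authorize(Request("POST", {"Content-Type": "application/json"}),
                    multipart_uploads_enabled=False, allowed_origins=allowed))
```

The Origin check is the cheap backstop; the structural fix the advisory describes is not to accept form-encodable bodies at all unless the deployment needs uploads, because a JSON-only endpoint is protected by the browser's preflight rules on its own.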
OSV · added 2024/09/25 5:37 a.m. · 11 views

CGA-WQ89-7PPW-PMC8

Bulletin has no description...

CVSS 7.5 · AI score 8.2 · EPSS 0.01127
Exploits 0
OSV · added 2024/09/25 5:22 a.m. · 6 views

CGA-FQMR-R24H-HRGP

Bulletin has no description...

CVSS 4.3 · AI score 5.6 · EPSS 0.00839
Exploits 0
Patchstack · added 2024/09/25 12:00 a.m. · 12 views

WordPress Templately Plugin <= 3.1.2 is vulnerable to Broken Access Control

Software Templately Type Plugin Vulnerable versions <= 3.1.2 Fixed in 3.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47308 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e4f1c6a95d39 Credits Joshua Chan Required privile...

CVSS 9.8 · AI score 6.5 · EPSS 0.01695
Exploits 0 · References 2 · Affected software 1
Wordfence Blog · added 2024/09/24 6:02 p.m. · 17 views

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >= 1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researche...

CVSS 8.8 · AI score 8.6 · EPSS 0.00586
Exploits 0
Positive Technologies · added 2024/09/23 12:00 a.m. · 9 views

PT-2024-31673 · Zimbra · Zimbra Collaboration +2

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A Cross-Site Scripting XSS issue exists due to insufficient sanitization of the packages parameter in one of the endpoints of Zimbra Webmail. This allows attackers to bypass...

CVSS 5.4 · AI score 6.1 · EPSS 0.00645
Exploits 0 · References 12
Positive Technologies · added 2024/09/21 12:00 a.m. · 8 views

PT-2024-10293 · Google +1 · Google Messages +1

The vulnerable software is Samsung's Monkey's Audio APE decoder, used in Samsung smartphones running Android versions 12, 13, and 14. The vulnerability is a high-severity out-of-bounds write flaw that allows remote attackers to execute arbitrary code on the device without any user interaction. Th...

CVSS 9.8 · AI score 8.3 · EPSS 0.00957
Exploits 0 · References 50
Vulnrichment · added 2024/09/20 6:56 p.m. · 14 views

CVE-2024-42351 Possible Data Tampering & Loss of Public Datasets in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy and...

CVSS 6.5 · AI score 6.9 · EPSS 0.00454
Exploits 0 · References 4
Vulnrichment · added 2024/09/20 6:53 p.m. · 23 views

CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, the /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon an edit operation. All...

CVSS 7.6 · AI score 6.8 · EPSS 0.00709
Exploits 0 · References 1
OSV · added 2024/09/19 11:34 p.m. · 6 views

CVE-2024-45808 Malicious log injection via access logs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access logger...

CVSS 6.5 · AI score 6.3 · EPSS 0.00353
Exploits 0 · References 3
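The Envoy entry above is about an access-log field (the TLS server name) that is copied into the log line without validation, so a client that sends control bytes in it can terminate the real line and append a fabricated one. The following is an added example, not Envoy code: a Python sketch of a constructed access-log format in the spirit of a `%REQUESTED_SERVER_NAME%` operator, showing the unguarded interpolation beside two layered fixes, validating the field as the DNS hostname it is supposed to be (RFC 6066) and escaping any remaining control bytes. The format string, field names and the forged SNI are constructed for the example.

```python
import re

# Constructed access-log format modelled on an Envoy-style format string with a
# %REQUESTED_SERVER_NAME% operator; the surrounding fields are illustrative.
FORMAT = '[{start_time}] "{method} {path}" {response_code} sni={sni}'

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_HOSTNAME = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?$"
)


def is_valid_sni(value: str) -> bool:
    """server_name (RFC 6066) carries a DNS hostname: ASCII labels, dots, <= 253 octets."""
    return 0 < len(value) <= 253 and _HOSTNAME.match(value) is not None


def escape_control(value: str) -> str:
    """Replace CR, LF and other control bytes with a visible \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_unsafe(record: dict) -> str:
    """What an unvalidated operator does: the raw SNI is interpolated verbatim."""
    return FORMAT.format(**record)


def format_safe(record: dict) -> str:
    """Validate the SNI as a hostname, substitute '-' otherwise, then escape as belt and braces."""
    sni = record["sni"] if is_valid_sni(record["sni"]) else "-"
    return FORMAT.format(**{**record, "sni": escape_control(sni)})


def line_count(text: str) -> int:
    """How many log lines a downstream consumer would see for this one record."""
    return len(text.splitlines())


# Constructed request whose SNI smuggles a complete second log entry.
FORGED_SNI = 'legit.example\n[2024-09-19T00:00:00Z] "GET /admin" 200 sni=spoofed.example'
SAMPLE = {"start_time": "2024-09-19T00:00:01Z", "method": "GET", "path": "/",
          "response_code": 200, "sni": FORGED_SNI}

if __name__ == "__main__":
    print(format_unsafe(SAMPLE))   # two lines; the second is attacker-authored
    print(format_safe(SAMPLE))     # one line, sni=-
```

Note what the forged line looks like once written: it is syntactically indistinguishable from a genuine entry, so a SIEM cannot reliably pick it out after the fact. The control has to sit at write time, which is why the example validates the field before formatting rather than trying to detect injected lines later.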
OSV · added 2024/09/19 10:38 p.m. · 25 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6 · AI score 6.7 · EPSS 0.00637
Exploits 0 · References 8