212 matches found
CVE-2024-13230

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-21 11:11:26+00:00 | seen | https://infosec.exchange/users/cve/statuses/113866040035703869 |
| 2025-01-21 11:15:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113866055399154408 |
| 2025-01-21 11:15:32+00:00 | seen | ... |

CVE-2023-33998

| creationtimestamp | type | source |
|---|---|---|
| 2024-12-13 16:59:24+00:00 | seen | https://infosec.exchange/users/cve/statuses/113646578192607435... |

CVE-2024-11664

| creationtimestamp | type | source |
|---|---|---|
| 2024-11-25 09:04:10+00:00 | seen | https://infosec.exchange/users/cve/statuses/113542787862924259 |
| 2024-11-25 14:43:09+00:00 | published-proof-of-concept | https://t.me/LeakDBMS/1519... |

Exploit for Code Injection in Geoserver
CVE-2024-36401 This is a program for checking vulnerabilities...
CVE-2024-30163

| creationtimestamp | type | source |
|---|---|---|
| 2024-05-19 15:31:55+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/10529 |
| 2025-05-28 07:25:12+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-30163.yaml |
| 2025-05-31... | | |

CVE-2023-0342

| creationtimestamp | type | source |
|---|---|---|
| 2024-04-12 13:48:42+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/mongodbopsmanagerdiagnosticarchiveinfo.rb |
| 2024-04-13 12:45:41+00:00 | seen | https://t.me/arpsyndicate/4652 |
| 2025-02-06 03:13:45+00:00 | see... | |

GHSA-476G-V7HF-CW5M Cross-site Scripting (XSS) in Document Properties Parameter
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...
GHSA-HFMG-G39C-5444 pimcore is vulnerable to cross-site scripting in translate module
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.20 or apply this patch manually...
Pimcore vulnerable to improper quoting of filters in Custom Reports
Impact: Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...
ID reserved by CVE
No details are available at this time...
ID reserved by CVE
No details are available at this time...
ID reserved by CVE
No details are available at this time...
GSD-2022-1001074 ath11k: mhi: use mhi_sync_power_up()
ath11k: mhi: use mhi_sync_power_up() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit 646d533af2911be1184eaee8c900b7eb8ecc4396. For...
Zstandard security vulnerability
Facebook Zstandard is an open source lossless data compression algorithm from Facebook Inc. in the United States. A security vulnerability exists in Zstandard command-line v1.4.1 and prior to v1.4.9, which stems from an incomplete fix to CVE-2021-24031, in which the Zstandard command-line tool...
Low severity vulnerability that affects com.linecorp.armeria:armeria
Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function. Impact: String comparison method in multiple authentication validation in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the...
Diamorphine - LKM Rootkit for Linux Kernels 2.6.x/3.x/4.x
Diamorphine is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x. Features: When loaded, the module starts invisible; Hide/unhide any process by sending a signal 31; Sending a signal 63 to any pid makes the module become invisible; Sending a signal 64 to any pid makes the given user become root; Files or...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references...
Apache Shindig 2.5.0 XXE Injection
CVE-2013-4295: XXE vulnerability in Apache Shindig 2.5.0 PHP
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Shindig PHP 2.5.0
Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity (XXE) Injection attack. The...
CVE-2006-3952

| creationtimestamp | type | source |
|---|---|---|
| 2010-05-09 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16742 |
| 2014-05-27 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33538 |
| 2018-05-29 15:50:33+00:00 | seen | ... |

CVE-2009-2650

| creationtimestamp | type | source |
|---|---|---|
| 2009-07-16 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9173 |
| 2009-08-31 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9551 |
| 2009-12-27 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/10744 |
| 2018-05-29... | | |