11967 matches found

Cvelist
added 2024/04/09 12:0 a.m. | 14 views

CVE-2024-30681

...

6.9 AI score
Exploits: 0

Vulnrichment
added 2024/04/09 12:0 a.m. | 7 views

CVE-2024-30701

...

7 AI score
Exploits: 0

hivepro
added 2024/04/08 6:53 a.m. | 13 views

Unveiling Earth Freybug’s New TTPs Adoption with UNAPIMON

...

7.3 AI score
Exploits: 0

Cvelist
added 2024/04/08 12:0 a.m. | 14 views

CVE-2024-30661

...

6.9 AI score
Exploits: 0

Packet Storm
added 2024/04/05 12:0 a.m. | 296 views

Human Resource Management System 2024 1.0 SQL Injection

Title: hrm2024.1.0-Multiple-SQLi Author: nu11secur1ty Date: 04/02/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

7.4 AI score
Exploits: 0

Chainguard
added 2024/04/04 9:15 p.m. | 216 views

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: bom, ko-fips, tigera-operator, kubernetes-csi-livenessprobe, aws-ebs-csi-driver, go, kube-oidc-proxy, nerdctl, helm-operator, falcosidekick-fips, aws-efs-csi-driver-fips, fuse-overlayfs-snapshotter, terraform-provider-azurerm, ko, kubescape, velero-plugin-for-csi-fip...

7.5 CVSS | 7 AI score | 0.91969 EPSS
Exploits: 1

Vulnrichment
added 2024/04/04 6:35 p.m. | 17 views

CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

6.1 CVSS | 5.9 AI score | 0.00453 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2024/04/04 5:56 p.m. | 8 views

CVE-2024-25704

...

7 AI score
Exploits: 0

Vulnrichment
added 2024/04/04 5:55 p.m. | 13 views

CVE-2024-25709 Self-XSS style in move item dialog

There is a stored Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScrip...

6.1 CVSS | 5.9 AI score | 0.00453 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 5:55 p.m. | 15 views

CVE-2024-25700 Persistent XSS in URL added to a shared map

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...

4.8 CVSS | 0.00373 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/04 1:26 a.m. | 62 views

CVE-2024-2692

CVE-2024-2692 affects SiYuan version 3.0.3, with a Server-Side XSS weakness that allows an attacker to execute arbitrary commands on the server. The vulnerability is described across multiple sources as enabling remote command execution due to improper handling of input leading to server-side cod...

9 CVSS | 9.3 AI score | 0.0073 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/04/03 5:0 p.m. | 78 views

CVE-2024-26765

CVE-2024-26765 concerns the Linux kernel on LoongArch. The issue arises when hotplugging nonboot CPUs: IRQs are disabled before calling init_fn(), intended to silence warnings and avoid interrupts, but this is tied to the rcu_cpu_starting warning path (CPU: 1, pid: 0). The result is a race where ...

5.5 CVSS | 6.4 AI score | 0.00236 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/04/03 5:0 p.m. | 45 views

CVE-2024-26759 mm/swap: fix race when skipping swapcache

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages A, B. Before one thread T0 finishes the swapin and...

7.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2024/04/03 2:55 p.m. | 31 views

CVE-2024-26724

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: 2169.711665 ================================================================== 2169.714009...

7.8 CVSS | 5.4 AI score | 0.00231 EPSS
Exploits: 0

Metasploit
added 2024/03/29 7:51 p.m. | 537 views

Jenkins cli Ampersand Replacement Arbitrary File Read

This module utilizes the Jenkins cli protocol to run the help command. The cli is accessible with read-only permissions by default, which is all that's required. Jenkins cli utilizes args4j's parseArgument, which calls expandAtFiles to replace any @ with the contents of a file. We are then able t...

9.8 CVSS | 7.8 AI score | 0.99999 EPSS
Exploits: 46

Cvelist
added 2024/03/26 3:17 p.m. | 22 views

CVE-2024-26645 tracing: Ensure visibility when inserting an element into tracing_map

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map. Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7.7 AI score | 0.00242 EPSS
Exploits: 0 | References: 8

Fedora
added 2024/03/23 12:54 a.m. | 34 views

[SECURITY] Fedora 40 Update: w3m-0.5.3-63.git20230121.fc40

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...

7.8 CVSS | 6.6 AI score | 0.00441 EPSS
Exploits: 4

Hacker One
added 2024/03/23 12:6 a.m. | 18 views

HackerOne: "package_name" can be set as desired when submitting a Pentest Opportunity form

Vulnerability description not provided...

7.1 AI score
Exploits: 0

Apple
added 2024/03/21 12:0 a.m. | 25 views

About the security content of iOS 17.4.1 and iPadOS 17.4.1

About the security content of iOS 17.4.1 and iPadOS 17.4.1 This document describes the security content of iOS 17.4.1 and iPadOS 17.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

8.8 CVSS | 6.9 AI score | 0.01835 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Hacker One
added 2024/03/18 10:49 p.m. | 25 views

HackerOne: Possible PII Disclosure via Advanced Vetting Process - ██████

Possible PII disclosure was identified in the HackerOne Advanced Vetting process. Unauthorized users were able to download a CSV file containing the names, usernames, and other personal details of users who had accepted the Advanced Vetting terms. The issue was observed in a sandboxed program, bu...

6.9 AI score
Exploits: 0