CVE-2024-7864 Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF

The Favicon Generator CLOSED WordPress plugin before 2.1 does not have CSRF and path validation in the outputsubadminpage0 function, allowing attackers to make logged in admins delete arbitrary files on the server...

CVE-2024-39925

An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...

GHSA-FR9Q-RGWQ-G5R5 MindsDB Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

GHSA-C85F-PCX6-2GHM MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

PYSEC-2024-80

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...

Changsha YouDian Software Technology Co., Ltd. YouDianCMS has a logic flaw vulnerability

YouDianCMS set computer website, mobile website, micro letter, APP, small program in one, share space, data automatic synchronization, is the domestic open source five station one excellent solution. Changsha YouDianCMS has a logic flaw vulnerability that can be exploited by attackers to delete a...

Denial of service in quinn-proto when using `Endpoint::retry()`

Summary As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in the following situations: - Calling refuse or ignore on the resulting validated...

Unrestricted File Upload

FeehiCMS is vulnerable to unrestricted file upload. The vulnerability is due to lack of proper restrictions on file uploads in the User argument within the insert function of FeehiCMS, which allows an attacker to upload malicious files remotely, potentially leading to unauthorized code execution ...

pgAdmin 8.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pgAdmin Binary Path API RCE', 'Description' = %q pgAdmin MSFLICENSE, 'Author' = 'M.Selim Karahan', metasploit module 'Mustafa Mutlu', lab prep. a...

CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...

Defend Your GraphQL Server Against Excessive Resource Consumption

...

CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

Siemens SCALANCE M-800 Series Configuration Error Vulnerability

SCALANCE M-800, MUM-800, S615, RUGGEDCOM RM1224 are all industrial routers. A misconfiguration vulnerability exists in the Siemens SCALANCE M-800 series that stems from not properly enforcing isolation between user sessions in its web server component, which can be exploited by an authenticated,...

CVE-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

CVE-2024-6707

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

Flowise Cross-site Scripting in/api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

PYSEC-2024-73

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

Important: Red Hat Security Advisory: freeradius:3.0 security update

An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rate...