CVE-2024-1567

CVE-2024-1567 affects Royal Elementor Addons and Templates for WordPress. It arises from missing file type validation in file_validity, allowing unauthenticated users to upload unsafe file types (e.g., .svgz) on versions up to 1.3.94. This could enable cross-site scripting or remote code executio...

CVE-2024-32046

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...

Royal Elementor Addons and Templates < 1.3.95 - Unauthenticated Limited File Upload

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'filevalidity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous...

Handling untrusted input can result in a crash, leading to loss of availability / denial of service

Using particular inputs with @solana/web3.js will result in memory exhaustion OOM. If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of availability...

CVE-2023-5395

Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2023-5403

Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning...

Palo Alto OS Command Injection

CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt; Connection: close Content-Type: application/x-www-form-urlencod...

Palo Alto OS Command Injection Vulnerability

Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day. CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie:...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages: mysql...

mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...

CrushFTP Unauthenticated RCE

This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by...

SUSE-SU-2024:1263-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - Fixed regression for security fix bsc1222312 for CVE-2024-31083 when using Android Studio bsc1222442...

Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities

Heap buffer overread/data leakage in ProcXIGetSelectedEvents. CVE-2024-31080 Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. CVE-2024-31081 User-after-free in ProcRenderAddGlyphs. CVE-2024-31083...

CVE-2023-5393

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and...

CVE-2024-1511

CVE-2024-1511 affects parisneo/lollms-webui. Path traversal arises from inadequate validation of user-supplied file paths in multiple endpoints, enabling an unauthenticated attacker to read, write, and in some configurations execute arbitrary server files. Impact can occur even when the service r...

GHSA-XP9J-8P68-9Q93 Mattermost Server Improper Access Control

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel...

CVE-2024-3116

pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...

CVE-2024-3116 Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4

pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...

CVE-2024-3116

CVE-2024-3116 affects pgAdmin