1273 matches found
CGA-7W94-X9XC-39G8
Bulletin has no description...
CGA-6GP9-P4RW-X8QM
Bulletin has no description...
CGA-5HJM-Q28P-8526
Bulletin has no description...
CGA-4X39-MJ8H-5PWJ
Bulletin has no description...
CGA-7X43-35CP-P32V
Bulletin has no description...
CGA-3CXR-9J74-62C2
Bulletin has no description...
CGA-22HQ-8GHG-J92H
Bulletin has no description...
DEBIAN-CVE-2021-47269
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception. There is no validation of the index from dwc3_wIndex_to_dep, so we might be referring to a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer ep...
CVE-2024-4326
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...
CVE-2024-34352 Arbitrary file write vulnerability in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...
PT-2024-31854 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SEMCMS versions up to 4.8 Description: A critical issue has been found, affecting the locate function of the function.php file, leading to sql injection. The attack can be launched remotely. Recommendations: For SEMCMS versions up to 4.8: Pat...
PYSEC-2024-163
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a default function is a very sparsely...
FreeRDP Memory Corruption Vulnerability (CNVD-2024-20776)
FreeRDP is a freeware program that implements the Remote Desktop Protocol, which is mainly used to connect and manage Windows servers remotely. FreeRDP had a memory corruption vulnerability in versions prior to 3.5.1, where a malicious server could crash a FreeRDP client by sending invalid huge...
CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images are not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
PT-2024-24176 · Unknown · Cosmetics/Beauty Product Online Store
Name of the Vulnerable Software and Affected Versions: Cosmetics and Beauty Product Online Store version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. This enables attackers ...
CVE-2024-20050
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757...
CVE-2024-20054
In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200...
@workos-inc/authkit-nextjs session replay vulnerability
Impact: A user can reuse an expired session by controlling the x-workos-session header. Patches: Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2...
GHSA-H6X7-R5RG-X5FW Serverpod client accepts any certificate
This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...