CVE-2024-50695
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to a stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks...
CVE-2024-12480
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to SQL injection. It is possible...
CVE-2024-12479
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument keyword leads to SQL injection. The...
PT-2024-17612 · Unknown · Wetech-Cms
Name of the Vulnerable Software and Affected Versions: cjbi wetech-cms versions 1.0 through 1.2 Description: A critical issue affects the searchTopicByKeyword function of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the keyword argument leads ...
PT-2024-17613 · Unknown · Wetech-Cms
Name of the Vulnerable Software and Affected Versions: cjbi wetech-cms versions 1.0 through 1.2 Description: A critical issue has been found, affecting the searchTopic function in the TopicDao.java file. The manipulation of the con argument leads to SQL injection, allowing for remote attacks. The...
PT-2024-28278 · Open Robotics · Ros2 +1
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble version Description: A heap overflow was discovered in the nav2 amcl process. This issue is triggered via sending a crafted message to the component /initialpose. Recommendations:...
Auto-Rebooting iPhones Are Causing Chaos for Cops
Plus: Hot Topic confirms a customer data breach, Germany arrests a US citizen for allegedly passing military secrets to Chinese intelligence, and more...
OESA-2024-2345 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
OESA-2024-2343 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
DEBIAN-CVE-2024-3935
In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...
CVE-2024-3935
In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...
UBUNTU-CVE-2024-3935
In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...
CVE-2024-3935 Eclipse Mosquitto: Double free vulnerability
In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...
PT-2024-8324
Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 2.0.0 through 2.0.18 Description: The issue is related to a double free error in Eclipse Mosquitto. When a Mosquitto broker is configured to create an outgoing bridge connection with an incoming topic that uses topi...
Discourse < 3.3.2 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities.
CVE-2024-8783
A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/newpost.php of the component Post Reply Handler. The manipulation of the argument posttopic leads to cross-site scripting. It is possible to...
MyAAC Cross-Site Scripting Vulnerability
MyAAC is a free and open-source Automated Account Creator (AAC) from OpenTibiaBR, written in PHP. A cross-site scripting vulnerability exists in MyAAC version 0.8.16 and prior versions, which stems from a cross-site scripting attack in the file system/pages/forum/newpost.php of the component...
The vulnerability of the multi-site content management system UMI CMS, related to the lack of measures taken to protect the SQL query structure, allows for the execution of arbitrary SQL queries.
The vulnerability of the multi-site content management system UMI CMS is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the forum topic creation function...
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...