2 matches found
CVE-2024-5716
CVE-2024-5716 is a Logsign Unified SecOps Platform authentication bypass vulnerability in the password reset flow caused by insufficient rate limiting of reset attempts. Public sources confirm affected software is the Logsign Unified SecOps Platform (pre-6.4.8 per CNNVD) with unauthenticated rese...
CVE-2024-24570 Statamic account takeover via XSS and password reset link
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...