CVE-2024-37352

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

CVE-2024-37348

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

CVE-2024-37346

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...

CVE-2024-37347

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no...

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...

PT-2024-4331 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. Recommendations: At the...

PT-2024-27496 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: The issue is a cross-site scripting vulnerability in the management UI of Absolute Secure Access. This vulnerability allows attackers with system administrator permissions to interfe...

Apache Kafka Security Vulnerability

Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in the data stream. A security vulnerability exists in Apache Kafka UI versions prior to...

Malicious code in @cart-ui/core-i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89568273084fef75464b1c975014417bf122a818685035e43012bb1ff5c3ba33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

SUSE CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

PT-2024-37265 · Deep Sea Electronics · Dse855

Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. The specific flaw exists within t...

PT-2024-4198 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. Recommendations: At the...

PT-2024-37266 · Deep Sea Electronics · Dse855

Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. The specific flaw exists within t...

Deep Sea Electronics DSE855 Security Vulnerability

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the Web UI that allows access to functionality lacking authentication, which could be exploite...

Deep Sea Electronics DSE855 Security Vulnerability

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the Web UI that allows access to functions lacking authentication, which could be exploited by...

Deep Sea Electronics DSE855 Security Vulnerability

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the Web UI that allows access to functions lacking authentication, which could be exploited by...

PT-2024-4199 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface. Exploitation of this issue may allow a remote attacker to conduct spoofing...

PT-2024-37261 · Deep Sea Electronics · Dse855

Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. The specific flaw exists...

KLA68934 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in...