8020 matches found
CVE-2024-29001
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited...
CVE-2024-29003 SolarWinds Platform Cross Site Scripting Vulnerability
The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction...
CVE-2024-29003
CVE-2024-29003 affects the SolarWinds Platform, specifically a cross-site scripting flaw in the maps section of the UI. The vulnerability requires authentication and user interaction to exploit and can expose data via XSS. The issue is documented across multiple sources (NVD/NCSC/Red Hat/RH advis...
CVE-2024-29001
CVE-2024-29001 is a SolarWinds Platform SWQL Injection vulnerability identified in the user interface that requires authentication and user interaction to exploit. Connected sources corroborate this as a UI SWQL/SQL-injection issue with high impact (confidentiality, integrity, availability) and a...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other characteristics. An information disclosure vulnerability exists in Apache Airflow versions 2.7.0...
SolarWinds Platform SQL Injection Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from SolarWinds Corporation, USA. SolarWinds Platform suffers from a SQL injection vulnerability that stems from SQL injection in the user interface...
KLA65692 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...
PT-2024-3481 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform (affected versions not specified). Description: The issue is related to an XSS vulnerability in the maps section of the user interface. This vulnerability requires authentication and user interaction to be exploited. It may...
DEBIAN-CVE-2024-3844
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...
DEBIAN-CVE-2024-3847
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that can be exploited by attackers to perform UI spoofing via a crafted application...
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:1293-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1293-1 advisory. webkit2gtk3 was updated to fix the following issues: Update to version 2.44.0 boo1222010: - CVE-2024-23252:...
KLA65640 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denia...
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface, obtain sensitive information, perform cross-site scripting attack. Below is a...
PT-2024-24340 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.10.7; Argo CD versions prior to 2.9.12; Argo CD versions prior to 2.8.16. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces...
LoLLMs SQL Injection Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a SQL injection vulnerability that stems from improper neutralization of special elements used in SQL commands, which allows an attacker to send a carefully crafted HTTP POS...
Argo CD Security Vulnerability
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g. configuration in the Git repository), automatically synchronizing and deploying...
PT-2024-27503 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9. Description: A critical issue affects the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. This issue can be exploited remotely...
CVE-2023-47714
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure...