35 matches found
CVE-2024-57329
HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...
CVE-2024-57329
HortusFox v3.9 is affected by a stored XSS in the Add Plant function. The name field does not sanitize/escape input, enabling injection and execution of arbitrary JavaScript payloads. Several connected sources confirm the vulnerability as a stored XSS (CVE-2024-57329) and note a temporary workaro...
CVE-2024-22873
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...
GHSA-7X94-6G2M-3HP2 Defining resource name as integer may give unintended access in vantage6
Impact: Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...
Defining resource name as integer may give unintended access in vantage6
Impact: Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...
CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
GSD-2023-1002287 net: nfc: Fix use-after-free in local_cleanup()
net: nfc: Fix use-after-free in local_cleanup(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.305 by commit...
GSD-2023-1002260 net: nfc: Fix use-after-free in local_cleanup()
net: nfc: Fix use-after-free in local_cleanup(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commit...
GSD-2023-1001425 ntb_netdev: Use dev_kfree_skb_any() in interrupt context
ntb_netdev: Use dev_kfree_skb_any() in interrupt context. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1001118 ntb_netdev: Use dev_kfree_skb_any() in interrupt context
ntb_netdev: Use dev_kfree_skb_any() in interrupt context. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1000477 dm cache: Fix UAF in destroy()
dm cache: Fix UAF in destroy(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit 6ac4f36910764cb510bafc4c3768544f86ca48ca, it was...
GSD-2022-1007075 clk: tegra20: Fix refcount leak in tegra20_clock_init
clk: tegra20: Fix refcount leak in tegra20_clock_init. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
GSD-2022-1006116 vsock: Fix memory leak in vsock_connect()
vsock: Fix memory leak in vsock_connect(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.256 by commit...
GSD-2022-1005796 vsock: Fix memory leak in vsock_connect()
vsock: Fix memory leak in vsock_connect(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.138 by commit...
PT-2022-34481 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.9 through v4.14.290 Description: A memory leak was discovered in the vsock connect function. The issue was introduced in version v3.9 and is fixed in version v4.14.291. Recommendations: For Linux Kernel versions v3.9...
CVE-2022-35118
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities...
Cross site scripting
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities...
CVE-2022-35118
CVE-2022-35118 affects PyroCMS v3.9 with multiple cross-site scripting (XSS) vulnerabilities. The available documents confirm affected software and vulnerability type but do not provide explicit exploit details or affected component versions beyond v3.9. The base report lists a CVSS v3.1 score of...