4565 matches found
CHANGING CGFIDO security vulnerability
CHANGING CGFIDO is a passwordless authentication system from China-based CHANGING. A security vulnerability exists in CHANGING CGFIDO versions 0.0.1 through 1.1.0, which originates from an authentication bypass vulnerability in the passwordless login mechanism that allows a remote attacker with...
PT-2024-17909 · Softiron · Softiron Hypercloud
Name of the Vulnerable Software and Affected Versions: SoftIron HyperCloud versions 2.3.0 through 2.4.x Description: An issue exists where authenticated, but non-admin users can create data pools, potentially impacting the performance and availability of the backend software-defined storage...
UBUNTU-CVE-2024-56732
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...
marp-core cross-site scripting vulnerability
marp-core is a Marp open source core for a Marp converter. A cross-site scripting vulnerability exists in marp-core versions v3.0.2 through v3.9.0 and v4.0.0, which stems from improper neutralization of HTML cleanup and is vulnerable to cross-site scripting attacks...
Apache HugeGraph security vulnerability
Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. A security vulnerability exists in Apache HugeGraph version 1.0.0 through versions prior to 1.5.0, which stems from the presence of an assumed immutable data vulnerability that could allow an attacker to bypass...
a-api-server (=1.3.0), aau-ais-dipaal (>=0.1.22 <=0.1.29) +2298 more potentially affected by CVE-2024-56201 via jinja2 (>=3.0.0 <=3.1.4)
jinja2 PYPI version =3.0.0, =0.1.22, =1.0.2, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.3.0, =1.5.2, =1.5.6 and more Source cves: CVE-2024-56201 Source advisory: SNYK:PYTHON-JINJA2-8548987...
PT-2025-1616 · WordPress · Updraftplus: Wp Backup & Migration Plugin
Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WP Backup & Migration Plugin versions 1.23.8 through 1.24.11 Description: The UpdraftPlus: WP Backup & Migration Plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the recursive...
DEBIAN-CVE-2024-9101
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...
UBUNTU-CVE-2024-9102
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...
phpLDAPadmin security vulnerability
phpLDAPadmin is a web-based LDAP client from the phpLDAPadmin Personal Developer, which is primarily used to manage LDAP servers. A security vulnerability exists in phpLDAPadmin versions 1.2.0 through 1.2.6.7. An attacker exploiting this vulnerability can cause CSV formula injection...
PT-2024-36618 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent versions 20.0.1-9400 through 20.0.1-23340 Description: An incorrect permissions assignment issue could allow a local attacker to escalate privileges on affected installations. To exploit this issue, an attacker...
phpLDAPadmin security vulnerability
phpLDAPadmin is a web-based LDAP client from the phpLDAPadmin personal developer, which is primarily used to manage LDAP servers. A security vulnerability exists in phpLDAPadmin versions 1.2.1 through 1.2.6.7, which stems from the presence of a reflective cross-site scripting vulnerability that...
ai.tripl:arc-kafka-pipeline-plugin_2.12 (>=1.0.0 <=1.15.1), cn.antcore:AntKafka (>=0.0.1-RELEASE <=0.0.2-RELEASE) +422 more potentially affected by CVE-2024-56128 via org.apache.kafka:kafka_2.12 (>=0.10.2.0 <=3.7.1)
org.apache.kafka:kafka_2.12 MAVEN version =0.10.2.0, =1.0.0, =0.0.1-RELEASE, =0.0.1-RELEASE, =0.0.1-RELEASE, =1.2.0-RELEASE, =0.0.1, =0.3.0, =1.1.1, =1.0.8-netty, =1.0.8-netty, =6.0.1, =6.0.1, =6.0.1, =6.0.1, =6.0.1, =6.2.3 and more Source cves: CVE-2024-56128 Source advisory: OSV:GHSA-P7C9-8XX8-H...
@ampt/astro (=0.0.1-beta.1), @asherng/css-ui (>=0.0.17 <=0.0.18) +192 more potentially affected by CVE-2024-56140 via astro (>=0.20.12 <=4.16.16)
astro NPM version =0.20.12, =0.0.17, =0.0.2, =0.0.1, =0.2.0, =0.0.1, =0.1.30, =1.0.0, =1.0.0, =3.6.0, =3.10.1 - @bookshop/browser =3.11.0-rc.0 - @bookshop/generate =3.11.0-rc.0 and more Source cves: CVE-2024-56140 Source advisory: OSV:GHSA-C4PW-33H3-35XW...
FORT Validator security vulnerability
FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions 1.6.4 through 2.0.0 that stems from the inclusion of an integrity validation issue...
Apache Kafka security vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in the data stream. A security vulnerability exists in Apache Kafka versions 0.10.2.0 throu...
IBM Storage Defender security vulnerability
IBM Storage Defender is a solution from International Business Machines (IBM) that provides end-to-end data resiliency. A security vulnerability exists in IBM Storage Defender versions 2.0.0 through 2.0.9, which stems from the presence of user credentials stored in plain text that can be read by an...
PT-2024-10872 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 6.1.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
CVE-2023-37887
Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSchoolPress: from n/a through 2.2.7...
CVE-2023-37967
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2...