4565 matches found
BiliupApi (>=0.1.0 <=0.1.7), BrewStillery (>=6.0.1 <=6.0.2) +6288 more potentially affected by CVE-2024-12224 via idna (>=0.1.5 <=0.5.0)
idna CARGO version =0.1.5, =0.1.0, =6.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.3, =0.3.2, =1.0.3, =0.1.0, =0.1.0, =0.1.1, =0.1.8 and more Source cves: CVE-2024-12224 Source advisory: OSV:GHSA-H97M-WW89-6JMQ...
WordPress WPForms plugin 1.8.4-1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation vulnerability
Missing Authorization to Authenticated Subscriber+ Payment Refund and Subscription Cancellation vulnerability discovered by villu164 in WordPress Plugin Contact Form by WPForms versions 1.8.4-1.9.2.1...
CVE-2024-47146
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal...
CVE-2024-47043
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address...
Ruijie Networks ReyeeOS security vulnerability
Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including 2.320.x. An attacker can exploit this vulnerability to invalidate a legitimate user's session and launch a denial of service attack agains...
Ruijie Networks ReyeeOS security vulnerability
Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including version 2.320.x, which stems from the use of a weak credential mechanism. An attacker can easily compute MQTT credentials by exploiting th...
PT-2024-36063
Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo upload.php file, specifically within the decode key function. This function...
Pegasystem PEGA Platform security vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem, USA. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-Time Decision Making and CRM (Customer Relationship Management). A security vulnerability exists...
acir (>=0.44.0 <=0.46.0), age (>=0.9.0 <=0.9.3) +115 more potentially affected by unknown CVE via pprof (>=0.10.1 <=0.13.0)
pprof CARGO version =0.10.1, =0.44.0, =0.9.0, =0.4.2, =0.1.0, =0.3.0, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.0.9, =0.1005.0, =0.44.0, =0.46.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0408...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37302 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37302 Source advisory: OSV:PYSEC-2024-286...
VulnCheck KEV: CVE-2024-36111
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +606 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.15)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
Palantir Foundry security vulnerability
Palantir Foundry is a business process management platform from US-based Palantir, Inc. A security vulnerability exists in Palantir Foundry versions 105.110.1 through 105.115.0, which stems from the fact that Objects Supported by Restricted Views (OSV1) can be bypassed, allowing users not authorized to view such...
IBM Security Verify Access security vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
PT-2024-31662 · Unknown · Fieldserver Gateway
Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2 Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...
PT-2024-27094 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions 8.0 through 8.3 Description: The issue is related to a memory leak vulnerability in the handling of popovers. This vulnerability occurs in the specified versions of Zulip. Recommendations: For versions 8.0 through 8.3, update t...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), au.net.causal.shoelaces:shoelaces-liquibase-integration-tests-common (=2.0) +938 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-jpa (>=4.0.0 <=5.1.0)
com.querydsl:querydsl-jpa MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-collections (>=5.0.1 <=5.6), io.github.openfeign.querydsl:querydsl-hibernate-search (>=5.0.1 <=5.6) +6 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.6 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
IBM Cloud Pak for Data security vulnerability
IBM Cloud Pak for Data is a cloud-native solution from International Business Machines (IBM) that allows customers to use data and analyze it quickly and efficiently. A resource management error vulnerability exists in IBM Cloud Pak for Data versions 4.0.0 through 5.0.2, which stems from not proper...
org.keycloak:keycloak-guides (>=15.1.0 <=15.1.1), org.keycloak:keycloak-guides-maven-plugin (>=15.1.0 <=15.1.1) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=15.0.0 <=15.1.1)
org.keycloak:keycloak-quarkus-server MAVEN version =15.0.0, =15.1.0, =15.1.0, =15.1.0, =15.0.0, =15.0.0, =15.1.1 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...