4565 matches found
Drupal Block permissions module 1.0.0-1.1.9 - Administrator+ Broken Access Control vulnerability
Administrator+ Broken Access Control vulnerability discovered by Francesco Sardara in WordPress Module Block permissions versions 1.0.0-1.1.9...
CVE-2024-45330
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5 allows an attacker to escalate their privileges via specially crafted requests...
PT-2024-7176 · Sap · Sap Hana Node.Js Client Package
Name of the Vulnerable Software and Affected Versions: SAP HANA Node.js client package versions 2.0.0 through 2.21.30 Description: The issue is related to a Prototype Pollution vulnerability in the SAP HANA Node.js client package, specifically affecting the nestTables feature. This vulnerability...
PT-2024-30888 · Trustmary · Trustmary Review & Testimonial Widgets
Name of the Vulnerable Software and Affected Versions: Trustmary Review & testimonial widgets versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @alesmenzel/express.io (=2.0.0) +1030 more potentially affected by CVE-2024-9266 via express (>=3.4.5 <=3.9.0)
express NPM version =3.4.5, =0.0.1, =0.25.0, =1.0.4, =0.0.1, =1.5.0, =1.1.13, =1.4.5, =1.5.0, =1.6.0 - @gaia-cli-dev/log =1.5.3 - @gaia-cli-dev/npm-get-info =1.5.3 and more Source cves: CVE-2024-9266 Source advisory: OSV:GHSA-JJ78-5FMV-MV28...
PT-2024-32825
Name of the Vulnerable Software and Affected Versions: Wasmtime versions 19.0.0 through 20.0.0; Wasmtime versions 21.0.0 through 21.0.1; Wasmtime versions 22.0.0; Wasmtime versions 23.0.0 through 23.0.2; Wasmtime versions 24.0.0; Wasmtime versions 25.0.0 through 25.0.1 Description: A race condition in...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-47803 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.462.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-47803 Source advisory: OSV:GHSA-PJ95-PH4Q-4QM4...
org.glassfish.main.admingui:console-commandrecorder-plugin (=7.0.16), org.glassfish.main.featuresets:debug (>=6.2.5 <=7.0.16) +3 more potentially affected by CVE-2024-9329 via org.glassfish.main.admin:rest-service (>=5.0.1 <=7.0.16)
org.glassfish.main.admin:rest-service MAVEN version =5.0.1, =6.2.5, =5.0.1, =5.0.1, =5.0.1, =7.0.16 Source cves: CVE-2024-9329 Source advisory: OSV:GHSA-JQ3F-MFMG-747X...
Computer Vision Annotation Tool security vulnerability
Computer Vision Annotation Tool (CVAT) is an open source interactive video and image annotation tool for computer vision from cvat.ai. A security vulnerability exists in Computer Vision Annotation Tool versions 2.0.0 through 2.19.0 that originates from an attacker with an account that can retrieve certai...
CVE-2024-38861
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in a MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...
4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), @_mehrad/ckeditor5-build-mmr (>=41.3.1 <=42.0.3) +586 more potentially affected by CVE-2024-45613 via @ckeditor/ckeditor5-clipboard (>=40.0.0 <=43.1.0)
@ckeditor/ckeditor5-clipboard NPM version =40.0.0, =0.0.1, =41.3.1, =2.1.0, =1.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.0-Beta1, =0.0.17-Beta, =0.0.15-Beta78, =0.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2024-45613 Source advisory: OSV:GHSA-RGG8-G5X8-WR9V...
PT-2024-31709 · Unknown · Ckeditor 5
Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions 40.0.0 through 43.1.1 Description: A Cross-Site Scripting (XSS) issue is present in the CKEditor 5 clipboard package, which could be triggered by a specific user action, leading to unauthorized JavaScript code execution if a...
CKEditor cross-site scripting vulnerability
CKEditor is an open source, web-based text editor from the individual developer Marek Lewandowski. A cross-site scripting (XSS) vulnerability exists in CKEditor 5 from version 40.0.0 to versions prior to 43.1.1 that can lead to unauthorized JavaScri...
Xmpp security vulnerability
Xmpp is a set of Xmpp-related libraries and tools for Go open-sourced by the Mellium Co-op. A security vulnerability exists in Xmpp versions 0.0.1 through 0.21.4 that stems from an unchecked section type, which allows response spoofing...
IBM Aspera Console security vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM), Inc. It allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.4 that stems from a failure to s...
@12joan/plate-tabbable (=19.4.0), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +173 more potentially affected by CVE-2024-47061 via @udecode/plate-core (>=10.0.0 <=21.5.0)
@udecode/plate-core NPM version =10.0.0, =0.1.1, =1.0.103, =1.3.0, =2.19.0, =1.0.1, =0.1.49, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =0.0.3, =0.10.0, =0.11.0 and more Source cves: CVE-2024-47061 Source advisory: OSV:GHSA-73RG-F94J-XVHX...
eNMS security vulnerability
eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS versions 4.4.0 through 4.7.1, which stems from vulnerability to directory traversal attacks via uploadfiles...
Cellopoint Secure Email Gateway security vulnerability
Cellopoint Secure Email Gateway (Cellopoint SEG) is a secure email gateway from Cellopoint Corporation in China. A security vulnerability exists in Cellopoint Secure Email Gateway versions 4.2.1 through 4.5.0 that originates from a buffer overflow during the authentication process, which allows a...
cc.chensoul.nacos:core-test (=2.5.2), cc.chensoul.nacos:nacos-address (=2.5.2) +381 more potentially affected by CVE-2024-46983 via com.alipay.sofa:hessian (>=3.3.0 <=3.5.4)
com.alipay.sofa:hessian MAVEN version =3.3.0, =3.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on com.alipay.sofa:hessian and may be impacted: - cc.chensoul.nacos:core-test =2.5.2 - cc.chensoul.nacos:nacos-address =2.5.2 - cc.chensoul.nacos:nacos-cm...
PT-2024-24140 · Freeimage +2 · Freeimage +2
Name of the Vulnerable Software and Affected Versions: FreeImage versions 3.4.0 through 3.18.0 Description: The issue is a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. This occurs in the libfreeimage library. Recommendations: For versions 3.4.0 through 3.18.0,...