PT-2024-30529 · Zkvyper · Zkvyper
Name of the Vulnerable Software and Affected Versions: zkvyper versions 1.3.12 through 1.5.3 Description: The issue arises from the compilation of LLL IR to a loop with a late exit condition, potentially leading to a loss of funds or unwanted behavior if the loop body contains specific conditions...
Kingsoft WPS Office Path Traversal Vulnerability
Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functions. A path traversal vulnerability exists in Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.13489, which stems from improper path validation in promecefpluginhost.exe. An attacke...
PT-2024-38321 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.3.2 Concrete CMS versions below 8.5.18 Description: The issue concerns a Stored XSS vulnerability in the getAttributeSetName function. A rogue administrator could inject malicious code. Recommendations: For...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +240 more potentially affected by CVE-2024-41989 via django (>=5.0.0 <=5.0.7)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-41989 Source advisory: OSV:GHSA-JH75-99HH-QVX9...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-42005 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-42005 Source advisory: OSV:PYSEC-2024-70...
SUSE CVE-2024-6782
Improper access control in Calibre 6.9.0 7.14.0 allow unauthenticated attackers to achieve remote code execution...
ai.grakn:grakn-dist (=0.16.0), ai.grakn:grakn-engine (=0.16.0) +1573 more potentially affected by CVE-2023-42809 via org.redisson:redisson (>=1.0.1 <=3.21.3)
org.redisson:redisson MAVEN version =1.0.1, =1.0, =1.2.1, =1.0.0, =2.2.13.RELEASE, =1.3.0, =1.0.0, =1.0.0, =0.0.1, =1.0.3 and more Source cves: CVE-2023-42809 Source advisory: OSV:GHSA-4HVC-QWR2-F8RV...
PT-2024-22869 · Arm · Arm 5Th Gen Gpu Architecture Kernel Driver +2
Name of the Vulnerable Software and Affected Versions: Arm Ltd Bifrost GPU Kernel Driver versions r41p0 through r49p0 Arm Ltd Valhall GPU Kernel Driver versions r41p0 through r49p0 Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r41p0 through r49p0 Description: The issue allows a loca...
PT-2024-28258 · Horizon Business Services Inc. · Caterease
Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which originates from the cleartext transmission ...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from the use of unsalted unidirection...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from the selection of less secure...
Concrete CMS Cross-Site Scripting Vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A cross-site scripting vulnerability exists in Concrete CMS versions 9.0.0 through 9.3.2, which stems from being affected by a stored cross-site scripting vulnerability in the Generate Dashboard...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +12 more potentially affected by CVE-2024-23444 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.12.2)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.12.2 Source cves: CVE-2024-23444 Source advisory: OSV:GHSA-5V8F-XX9M-WJ44...
SKYSEA Client View Security Vulnerability
SKYSEA Client View is a software that supports information leakage countermeasures and IT operations management from SKYSEA Japan. A security vulnerability exists in SKYSEA Client View versions 6.010.06 through 19.210.04e, which stems from the presence of an incorrect privilege assignment...
VulnCheck KEV: CVE-2021-40684
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running...
ALPINE-CVE-2024-0760
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...
ABB Advant MOD 300 AdvaBuild Security Vulnerability
ABB Advant MOD 300 AdvaBuild is an industrial control system from ABB Switzerland. A security vulnerability exists in ABB Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2, which originates from an attacker who can cause a denial-of-service attack by injecting garbage data or specially crafte...
PT-2024-10763 · Abb +1 · Advant Mod 300 Advabuild +1
Name of the Vulnerable Software and Affected Versions: Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2 Description: An attacker could exploit the issue by injecting specially crafted data, potentially causing a denial-of-service attack through process crashes or communication issues on the...
PT-2024-27648 · Envato · Envato Template Kit
Name of the Vulnerable Software and Affected Versions: Envato Template Kit – Export versions 1.0.0 through 1.0.22 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...