1496 matches found
PT-2024-11733 · Unknown · Online Flight Booking Management System
Name of the Vulnerable Software and Affected Versions:
Online Flight Booking Management System version 1.0
Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the feedback form. This enables the execution of...
BIT-DOTNET-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability...
GHSA-7JWH-3VRQ-Q3M8
creationtimestamp | type | source
---|---|---
2024-03-04 21:56:40+00:00 | seen | https://t.me/ctinow/199628...
CVE-2023-52478
creationtimestamp | type | source
---|---|---
2024-02-29 07:01:50+00:00 | seen | Telegram/3RYyDDRRWL8HlFO03Hyz-PfKWP5zVI0iKDyRW9XUi2HnPAB
2024-02-29 07:21:58+00:00 | seen | https://t.me/ctinow/196272
2024-02-29 07:26:38+00:00 | seen | https://t.me/ctinow/196289
2024-02-29 12:41:19+00:00 | seen | ...
CVE-2024-25713
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc...
CVE-2024-21892
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
GHSA-55XH-53M6-936R
creationtimestamp | type | source
---|---|---
2024-02-15 16:52:04+00:00 | seen | https://t.me/ctinow/185687...
CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
...
openBI Code Injection Vulnerability
openBI is a big data visualization solution from openBI. A code injection vulnerability exists in openBI 1.0.8 and earlier versions, which stems from a problem with the index function in the /application/index/controller/Screen.php file, which could lead to code injection. Currently there are no...
GTKWave integer overflow vulnerability (CNVD-2024-37731)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An integer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...
GTKWave integer overflow vulnerability (CNVD-2024-37207)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
GTKWave Code Execution Vulnerability (CNVD-2024-36932)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
GTKWave Code Execution Vulnerability (CNVD-2024-36926)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted .lxt2 file...
GTKWave Code Execution Vulnerability (CNVD-2024-36925)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
GTKWave Arbitrary Write Vulnerability
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...
GTKWave code execution vulnerability (CNVD-2024-36927)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
CVE-2021-42028
A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to...
GHSA-JPFP-XQ3P-4H3R
creationtimestamp | type | source
---|---|---
2023-12-27 16:17:06+00:00 | seen | https://t.me/ctinow/159670...
CVE-2023-32727 Code execution vulnerability in icmpping
An attacker who has the privilege to configure Zabbix items can use function icmpping with additional malicious command inside it to execute arbitrary code on the current Zabbix server...
PT-2023-8206 · Openssh +11 · Openssh +11
Name of the Vulnerable Software and Affected Versions:
libssh affected versions not specified
OpenSSH versions prior to 9.6p1
libssh versions prior to 0.10.6 and 0.9.8
Description: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname...