Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-46832)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in a number of Mozilla products, whic...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-33891)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Kofax Power PDF Out-of-Bounds Read Vulnerability (CNVD-2024-33710)
Kofax Power PDF is a professional PDF editing and management software from Kofax. Kofax Power PDF suffers from an out-of-bounds read vulnerability that can be exploited by attackers to obtain sensitive information...
PT-2024-34814
Name of the Vulnerable Software and Affected Versions: CM Email Registration Blacklist and Whitelist WordPress plugin versions prior to 1.4.9. Description: The issue allows attackers to perform actions on the blacklist or whitelist menu without the admin's knowledge or consent, potentially leading...
NETGEAR ProSAFE SQL Injection Vulnerability (CNVD-2024-33910)
NETGEAR ProSAFE is a network management system from NETGEAR. NETGEAR ProSAFE suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary code...
CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud
SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers. PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking,...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-34102)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Arbitrary File Read Vulnerability in UFIDA U8CRM at UFIDA Network Technology Co.
UFIDA U8CRM is a management software designed specifically for the agency sales and service industry, integrating CRM, call center and OA core applications, and providing front-end marketing, back-end business processing and employee management integrated applications. UFIDA U8CRM has an arbitrar...
RHEL 7 : gupnp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP CVE-2020-12695 Note that Nessus has not tested for this issue but has...
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a diverse...
Important: git
Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Loca...
Cybozu Garoon Information Disclosure Vulnerability (CNVD-2024-29669)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An information disclosure vulnerability exists in Cybozu Garoon. The vulnerability is caused due to a browsing...
XML Entity Injection Vulnerability in Zhiyuan A8+ Collaboration Management Software of Beijing Zhiyuan Internet Software Co.
Zhiyuan A8+ collaborative management software is an integrated portal platform and work portal for grouping control and business control designed for grouping, internationalization, industrial chain and large-scale organizations, foreign-related work organizations and organization groups for...
Google Android elevation of privilege vulnerability (CNVD-2024-27515)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by attackers to escalate privileges...
CVE-2023-42050 PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability
PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
CVE-2024-27752
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function...
Denial of Service Vulnerability in Multiple Mozilla Products (CNVD-2024-37197)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in several Mozilla products,...
PT-2024-9793 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a memory error in the realloc function within the tools/nolibc/stdlib component of the Linux kernel. This error occurs because realloc copies an extra sizeofhea...