CVE Notify
19.4K subscribers
4 photos
206K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2024-27261
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

πŸŽ–@cveNotify
🚨 CVE-2024-31262
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.

πŸŽ–@cveNotify
🚨 CVE-2023-51409
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

πŸŽ–@cveNotify
🚨 CVE-2024-29461
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.

πŸŽ–@cveNotify
🚨 CVE-2024-2397
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

πŸŽ–@cveNotify
🚨 CVE-2024-30845
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters.

πŸŽ–@cveNotify
🚨 CVE-2024-31839
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.

πŸŽ–@cveNotify
🚨 CVE-2024-3686
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

πŸŽ–@cveNotify
🚨 CVE-2024-3687
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2024-3688
A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

πŸŽ–@cveNotify
🚨 CVE-2024-3704
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.

πŸŽ–@cveNotify
🚨 CVE-2024-3705
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.

πŸŽ–@cveNotify
🚨 CVE-2024-3706
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.

πŸŽ–@cveNotify
🚨 CVE-2024-3707
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.

πŸŽ–@cveNotify