๐จ CVE-2024-41703
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
๐@cveNotify
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
๐@cveNotify
GitHub
[Bug]: Responsible Disclosure of Potential Security Vulnerabilities ยท danny-avila LibreChat ยท Discussion #3315
What happened? The AppSec team at REA Group have performed a penetration test of LibreChat and have discovered a number of security vulnerabilities. We would like to work with the maintainer of Lib...
๐จ CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)
๐@cveNotify
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)
๐@cveNotify
GitHub
[Bug]: Responsible Disclosure of Potential Security Vulnerabilities ยท danny-avila LibreChat ยท Discussion #3315
What happened? The AppSec team at REA Group have performed a penetration test of LibreChat and have discovered a number of security vulnerabilities. We would like to work with the maintainer of Lib...
๐จ CVE-2024-41709
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
๐@cveNotify
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
๐@cveNotify
๐จ CVE-2024-5004
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
๐@cveNotify
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
๐@cveNotify
WPScan
CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS
See details on CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS CVE 2024-5004. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-5529
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
WPScan
WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS
See details on WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS CVE 2024-5529. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
๐@cveNotify
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
๐@cveNotify
WPScan
MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
See details on MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor CVE 2024-5973. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-6243
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
๐@cveNotify
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
๐@cveNotify
WPScan
HTML Forms < 1.3.33 - Admin+ Stored XSS
See details on HTML Forms < 1.3.33 - Admin+ Stored XSS CVE 2024-6243. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-6244
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
๐@cveNotify
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
๐@cveNotify
WPScan
pz-frontend-manager < 1.0.6 - CSRF change user profile picture
See details on pz-frontend-manager < 1.0.6 - CSRF change user profile picture CVE 2024-6244. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
๐@cveNotify
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
๐@cveNotify
WPScan
Community Events < 1.5 - Event Deletion via CSRF
See details on Community Events < 1.5 - Event Deletion via CSRF CVE 2024-6271. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
GitHub
PoC/Gradio.md at main ยท Aaron911/PoC
Contribute to Aaron911/PoC development by creating an account on GitHub.
๐จ CVE-2024-37391
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
๐@cveNotify
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
๐@cveNotify
GitHub
Fix drive installer path ยท ProtonVPN/win-app@2e4e250
Official ProtonVPN Windows app. Contribute to ProtonVPN/win-app development by creating an account on GitHub.
๐จ CVE-2024-40430
In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
๐@cveNotify
In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
๐@cveNotify
๐จ CVE-2023-51437
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
๐@cveNotify
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
๐@cveNotify
๐จ CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
๐@cveNotify
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
๐@cveNotify
๐จ CVE-2024-39863
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
๐@cveNotify
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
๐@cveNotify
GitHub
Validating provider description for urls in provider list view by amoghrajesh ยท Pull Request #40475 ยท apache/airflow
Validating URLs in Provider Descriptions for Provider List View
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an A...
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an A...
๐จ CVE-2024-0857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.
๐@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.
๐@cveNotify
๐จ CVE-2024-37245
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress All In One Redirection Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
โค1
๐จ CVE-2024-37246
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Gallery Slideshow Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-37257
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Permalink Manager Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-37258
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Social Rocket Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-37259
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit โ WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit โ WP Extended: from n/a through 2.4.7.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit โ WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit โ WP Extended: from n/a through 2.4.7.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress The Ultimate WordPress Toolkit โ WP Extended Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.