🚨 CVE-2024-33665
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
🎖@cveNotify
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
🎖@cveNotify
Herodevs
Vulnerability Directory | End-of-Life Open Source Software | HeroDevs
These frameworks in your tech stack are vulnerable. Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
🚨 CVE-2024-33308
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
GitHub
GitHub - aaravavi/TVS-Connect-Application-VAPT: This repository contains a detailed list of all the vulnerabilities, found accorss…
This repository contains a detailed list of all the vulnerabilities, found accorss the TVS Connect mobile application by the security team at FEV LTD. - aaravavi/TVS-Connect-Application-VAPT
🚨 CVE-2024-33309
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
GitHub
GitHub - aaravavi/TVS-Connect-Application-VAPT: This repository contains a detailed list of all the vulnerabilities, found accorss…
This repository contains a detailed list of all the vulnerabilities, found accorss the TVS Connect mobile application by the security team at FEV LTD. - aaravavi/TVS-Connect-Application-VAPT
🚨 CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
🎖@cveNotify
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
🎖@cveNotify
GitHub
DokuWiki 2024-02-06a has a stored XSS vulnerability · Issue #4267 · dokuwiki/dokuwiki
Summary DokuWiki 2024-02-06a has a storage XSS vulnerability, an attacker can upload a malicious svg file to obtain other users' cookies. Details We found that in the Media Manager, it is allow...
🚨 CVE-2024-34149
In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).
🎖@cveNotify
In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).
🎖@cveNotify
GitHub
Policy: Enforce witness script size limit for tapscript by luke-jr · Pull Request #29769 · bitcoin/bitcoin
Tapscript is missing the policy size limit check. The limit is inconsistent between witness and scriptSig, so for now this uses the (higher) witness size limit.
We should probably unify these on a ...
We should probably unify these on a ...
🚨 CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
🎖@cveNotify
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
🎖@cveNotify
GitHub
vditor/README_en_US.md at b3a14d6e4462b0c17141e1fcc66173264ada64e0 · Vanessa219/vditor
♏ 一款浏览器端的 Markdown 编辑器,支持所见即所得(富文本)、即时渲染(类似 Typora)和分屏预览模式。An In-browser Markdown editor, support WYSIWYG (Rich Text), Instant Rendering (Typora-like) and Split View modes. - Vanessa219/vditor
🚨 CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
GitHub
AChecker/checker/download.php at main · inclusive-design/AChecker
Automated interactive Web content accessibility checker. - inclusive-design/AChecker
🚨 CVE-2024-34365
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
🚨 CVE-2024-34749
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user.
🎖@cveNotify
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user.
🎖@cveNotify
p.horm.org
Phormer, the PHP without MySQL PhotoGallery Manager
🚨 CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
🎖@cveNotify
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
🎖@cveNotify
GitHub
an unsafe use of pickle · Issue #1582 · joblib/joblib
Python 3.9.13, joblib 1.4.2 joblib.numpy_pickle::NumpyArrayWrapper().read_array() use pickle.load() to deserialize data, which may allows to execute evil code locally,if the project runs on a publi...
🚨 CVE-2024-33900
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Gist
POC: CVE-2024-33900, CVE-2024-33901
POC: CVE-2024-33900, CVE-2024-33901. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Gist
POC: CVE-2024-33900, CVE-2024-33901
POC: CVE-2024-33900, CVE-2024-33901. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-35329
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.
🎖@cveNotify
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.
🎖@cveNotify
🚨 CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
🎖@cveNotify
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
🎖@cveNotify
Google Docs
Ghost CMS - Brute Force Protection Bypass CVE
** As I disclosed the vulnerability to them via email, there is no link to paste. However, I’m pasting here the correspondence with Ghost team ** As stated in the previous email, the vulnerability includes a bypass in the implementation of the Brute Force…
🚨 CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
🎖@cveNotify
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
🎖@cveNotify
Google Cloud Blog
Apache XML Security for C++ Library Allows for Server-Side Request Forgery | Google Cloud Blog
A default configuration in an Apache library could lead to server-side request forgery.
🚨 CVE-2024-35260
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
🎖@cveNotify
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
🎖@cveNotify
🚨 CVE-2024-34588
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
🎖@cveNotify
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
🎖@cveNotify
🚨 CVE-2024-32861
Under certain circumstances the Software House C●CURE 9000 Site Server provides insufficient protection of directories containing executables.
🎖@cveNotify
Under certain circumstances the Software House C●CURE 9000 Site Server provides insufficient protection of directories containing executables.
🎖@cveNotify
🚨 CVE-2024-7378
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
🎖@cveNotify
Gist
sourcecodester_Simple Realtime Quiz System_SQL_INJECTION_10.md
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
🎖@cveNotify
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
🎖@cveNotify
GitHub
Added more checks by molangning · Pull Request #3428 · pugjs/pug
If templateName gets injected attackers can inject arbitrary code.
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
🚨 CVE-2024-35548
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
🎖@cveNotify
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
🎖@cveNotify
MyBatis-Plus
预防安全漏洞