🚨 CVE-2024-45269
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
🎖@cveNotify
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
🎖@cveNotify
GitHub
GitHub - majeedraza1/carousel-slider: Carousel Slider is an AI-powered tool for creating stunning, SEO-friendly carousels. Easily…
Carousel Slider is an AI-powered tool for creating stunning, SEO-friendly carousels. Easily showcase images, videos, logos, or content to boost engagement. Features include auto-generated sliders p...
🚨 CVE-2024-45270
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
🎖@cveNotify
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
🎖@cveNotify
GitHub
GitHub - majeedraza1/carousel-slider: Carousel Slider is an AI-powered tool for creating stunning, SEO-friendly carousels. Easily…
Carousel Slider is an AI-powered tool for creating stunning, SEO-friendly carousels. Easily showcase images, videos, logos, or content to boost engagement. Features include auto-generated sliders p...
🚨 CVE-2024-41160
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
🎖@cveNotify
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
🎖@cveNotify
🚨 CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
🎖@cveNotify
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
🎖@cveNotify
GitHub
ClientIp enricher should have a way to not read X-Forwarded-For · Issue #29 · serilog-contrib/serilog-enrichers-clientinfo
Instead of directly reading the X-Forwarded-Header by default, it's much better to use the ForwardedHeaders middleware (https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-...
🚨 CVE-2024-41434
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type.
🎖@cveNotify
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type.
🎖@cveNotify
Gist
CVE-2024-41434
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to "clobber" this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the cross-site scripting vector. Pagefind has tightened this resolution in version 1.1.1 by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind.
🎖@cveNotify
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to "clobber" this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the cross-site scripting vector. Pagefind has tightened this resolution in version 1.1.1 by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind.
🎖@cveNotify
GitHub
Merge pull request #696 from CloudCannon/fix/dom-clobber · Pagefind/pagefind@14ec968
Add safety checks around accesses for `document.currentScript.src`
🚨 CVE-2024-45390
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.
🎖@cveNotify
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.
🎖@cveNotify
GitHub
Remove template display name · blakeembrey/js-template@b8d9aa9
Fast and simple string templates. Contribute to blakeembrey/js-template development by creating an account on GitHub.
🚨 CVE-2024-45391
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
🎖@cveNotify
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
🎖@cveNotify
GitHub
fix: @tinacms/cli: prevent search config from getting written to lock… · tinacms/tinacms@110f1ce
… file (#4758)
🚨 CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
🎖@cveNotify
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
🎖@cveNotify
Ars Technica
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
🚨 CVE-2024-4629
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
🎖@cveNotify
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
🎖@cveNotify
🚨 CVE-2024-44383
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
🎖@cveNotify
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
🎖@cveNotify
🚨 CVE-2024-44400
D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
🎖@cveNotify
D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
🎖@cveNotify
GitHub
openfile-/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md at main · lonelylonglong/openfile…
Contribute to lonelylonglong/openfile- development by creating an account on GitHub.
🚨 CVE-2024-7834
A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unprivileged
access to the system to run arbitrary code with SYSTEM privileges by placing a
malicious .dll file in the respective location.
🎖@cveNotify
A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unprivileged
access to the system to run arbitrary code with SYSTEM privileges by placing a
malicious .dll file in the respective location.
🎖@cveNotify
cirosec
Local privilege escalation in Overwolf (CVE-2024-7834) - cirosec
July 4, 2024 Overwolf is a software that is used for managing mods of games with 45 million active users every month.
👍1
🚨 CVE-2024-43941
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.
🎖@cveNotify
🚨 CVE-2024-43920
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4.
🎖@cveNotify
Patchstack
WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability…
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
🚨 CVE-2024-38858
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
🎖@cveNotify
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
🎖@cveNotify
Checkmk
Werk #17232: Synthetic Monitoring: Fix XSS vector in HTML logs displayed in UI
The user interface offers the option to display the HTML logs of monitored synthetic tests. These
logs are generated on the host where the test is executed and are theref
logs are generated on the host where the test is executed and are theref
🚨 CVE-2024-7932
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-7938
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-7939
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2024-8004
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.