Angular Expressions – Remote Code Execution (CVE-TBD) – Critical
2024-12-10 Platform: peerigon/angular-expressions Version: Unaffected versions: >= 1.4.3 Vulnerability: Remote Code Execution (RCE) Severity: Critical Date: December 10, 2024 What […]
2024-12-10 Platform: wasmvm, cosmwasm-vm Version: Affected versions: wasmvm >= 2.1.0, < 2.1.3 wasmvm >= 2.0.0, < 2.0.4 wasmvm < 1.5.5
2024-12-10 Vulnerability: A vulnerability (CWA-2024-008) has been identified in CosmWasm VM versions. This vulnerability is classified as medium severity,
2024-12-10 This article describes a vulnerability (CVE-2024-50177) in the Linux kernel’s AMD display driver. The issue arises when programming a
2024-12-10 A critical SQL injection vulnerability (CVE-2024-4930) exists in SourceCodester Simple Online Bidding System version 1.0. This vulnerability allows
2024-12-10 A vulnerability classified as MEDIUM severity (CVSS score: 6.9) has been identified in SourceCodester Simple Online Bidding System 1.0.
2024-12-10 A critical SQL injection vulnerability (CVE-2024-4931) has been identified in SourceCodester Simple Online Bidding System 1.0. This vulnerability
2024-12-10 Platform: SourceCodester Simple Online Bidding System Version: 1.0 Vulnerability: Cross-Site Request Forgery (CSRF) Severity: MEDIUM Date: May 28, 2024
2024-12-10 What Undercode Says: This blog post details a vulnerability (CVE-2024-50185) affecting the MPTCP functionality in the Linux kernel. A
2024-12-10 A critical SQL injection vulnerability (CVE-2024-4932) has been identified in SourceCodester Simple Online Bidding System 1.0. This vulnerability
2024-12-10 This article describes a vulnerability in LXD PKI mode that allows unauthorized authentication with non-CA signed certificates if they
2024-12-10 Vulnerability details: Platform: LXD Vulnerability: Improper Certificate Restriction Handling in PKI Mode CVE: N/A (Not assigned) Severity: Low Date:
2024-12-09 Apache Superset, an open-source data visualization and exploration platform, has been found to be vulnerable to SQL injection attacks.
2024-12-09 What Undercode Says: This blog post highlights a vulnerability in Hugo, a static site generator. Specifically, certain internal templates
2024-12-09 A critical vulnerability (CVE-2024-46645) has been identified in Apache Superset. This vulnerability allows lower-privileged users to create new
2024-12-09 A critical vulnerability (CVE-2023-46078) was discovered in Winter CMS that allows users with access to the CMS templates
2024-12-09 idna versions 0.5.0 and earlier are vulnerable to Punycode spoofing. Malicious actors can create Punycode labels
2024-12-09 The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) attacks. This vulnerability
2024-12-09 The League/CommonMark library, a popular PHP Markdown parser, contains several vulnerabilities that could lead to denial-of-service (DoS) attacks.
2024-12-09 This article describes a vulnerability (CVE-2024-32998) in HarmonyOS’s clock module. It’s a null pointer access vulnerability, which means
2024-12-09 This article details a race condition vulnerability (CVE-2024-32997) affecting the binder driver module in Huawei’s HarmonyOS. Successful exploitation
2024-12-09 Apple patched a critical logic issue (CVE-2024-27816) in iOS 17.5, iPadOS 17.5, tvOS 17.5, watchOS 10.5, and macOS
2024-12-09 This article details a privilege escalation vulnerability (CVE-2024-32996) within the account module of Huawei’s HarmonyOS. Exploiting this vulnerability
2024-12-09 Platform: Huawei Version: EMUI 14, EMUI 13, HarmonyOS 4.2, HarmonyOS 4.0, HarmonyOS 3.1, HarmonyOS 3.0 (based on Huawei security
2024-12-09 This article describes a cracking vulnerability (CVE-2024-32999) identified in the OS security module of Huawei’s HarmonyOS. Exploitation of this
2024-12-09 This article describes a vulnerability (CVE-2024-30413) in Here’s the summarized information: Platform: EMUI (Huawei) Version: Not specified Vulnerability: Improper
2024-12-09 Vulnerability: This article describes a vulnerability (CVE-2024-4046) in the security module of Huawei’s HarmonyOS. A successful exploit could
2024-12-09 Platform: HarmonyOS Version: All versions (not specified) Vulnerability: Privilege Escalation due to permission control issue in the App Multiplier
2024-12-09 Platform: Apple Vision Pro Version: Not specified (versions before 1.1 are vulnerable) Vulnerability: Permissions Issue Severity: Critical Date: March
2024-12-09 This article describes a critical vulnerability (CVE-2024-23294) in macOS Sonoma that could allow an attacker to execute malicious code
2024-12-09 An attacker with physical access to an Apple device could potentially exploit a vulnerability in Spotlight (CVE-2024-23293) to
2024-12-09 Platform: Rockwell Automation Arena Simulation Software Version: Not specified Vulnerability: Heap-based memory buffer overflow Severity: HIGH (CVSS v3 score:
2024-12-09 Platform: Rockwell Automation Arena Simulation software Version: Not specified Vulnerability: Memory buffer overflow Severity: Critical (CVSS v3 score: 7.8,
2024-12-09 Platform: Rockwell Automation Arena Simulation Version: All Versions (not specified) Vulnerability: Memory Buffer Overflow Severity: Medium (CVSS v3 score:
2024-12-09 A security vulnerability in Palo Alto Networks PAN-OS software allows attackers to inject malicious scripts into Captive Portal
2024-12-09 Checkmk versions 2.0.0 to 2.1.0 are affected by multiple vulnerabilities. These vulnerabilities could allow an attacker to execute
2024-12-09 A security vulnerability (XSS) exists in Palo Alto Networks PAN-OS software that allows attackers to inject malicious scripts
2024-12-09 Platform: Rockwell Automation Arena Simulation Version: All versions (not specified) Vulnerability: Arbitrary Code Execution Severity: Critical (CVSS v3: 7.8,
2024-12-09 Platform: Apple iOS iPadOS macOS tvOS Version: Not specified (all versions before iOS 17.4, iPadOS 17.4, macOS Monterey 12.7.4,
2024-12-09 Vulnerability: A critical privacy vulnerability (CVE-2024-23287) existed in macOS Sonoma due to improper handling of temporary files. This
2024-12-09 A critical vulnerability (CVE-2024-23300) was identified in GarageBand versions before 10.4.11. This vulnerability is a use-after-free issue, which
2024-12-09 Apple patched a critical privacy vulnerability (CVE-2024-23283) in iOS, iPadOS, and macOS. This vulnerability allowed apps to potentially
2024-12-09 A critical vulnerability (CVE-2024-23265) in the macOS kernel allowed an attacker with arbitrary kernel read and write capabilities
2024-12-09 This article describes a critical vulnerability (CVE-2024-23289) in Apple devices that allowed someone with physical access to bypass
2024-12-09 Vulnerability: This critical vulnerability (CVE-2024-23262) in Apple iOS versions before 16.7.6 and 17.4 allows malicious applications to spoof
2024-12-09 This article describes a remote code execution (RCE) vulnerability in Apple WebKit. Unauthenticated attackers can exploit this vulnerability
2024-12-09 Platform: WhatsUp Gold Version: Before 2023.1.2 Vulnerability: Server-Side Request Forgery (SSRF) Severity: MEDIUM Date: May 14, 2024 (Published), December
2024-12-09 This blog post analyzes CVE-2024-4561, a Server-Side Request Forgery (SSRF) vulnerability impacting WhatsUp Gold versions before 2023.1.2. An attacker
2024-12-09 This blog post analyzes CVE-2024-46906, a critical SQL injection vulnerability in WhatsUp Gold versions before 24.0.1. An attacker with
2024-12-07 Drupal Core has a vulnerability that could allow an attacker to move the entire webroot to a different location
2024-12-07 A low-severity deserialization vulnerability has been identified in the `shared_preferences_android` package. This issue could potentially allow arbitrary code
2024-12-07 Platform: Spring LDAP Vulnerability: Data Exposure CVE: CVE-2024-38820 Severity: Moderate Date: Published: Dec 4, 2024 Last Updated: Last updated:
2024-12-07 Vulnerability sigstore-java, a Java client for interacting with sigstore infrastructure, has a flaw in its verification process. This vulnerability
2024-12-07 A moderate severity vulnerability, ReDoS, has been identified in the 0.1.x version of the `path-to-regexp` library. This vulnerability
2024-12-07 Version: (not specified in the article) Vulnerability: HTML Injection (CVE-2024-54128) Severity: Critical Date: December 07, 2024 What Undercode Says:
2024-12-07 A vulnerability has been discovered in PyO3 versions 0.23.0 through 0.23.2, where the `PYO3_CONFIG_FILE` environment variable does not
2024-12-07 This article describes a low-severity vulnerability in the pprof library related to unsafe usage of the `std::slice::from_raw_parts` function. Vulnerability
2024-12-07 A low-severity vulnerability, CVE-2024-XXXX, has been identified in the linkme platform. This vulnerability allows for type mismatches in
2024-12-07 A critical Denial of Service (DoS) vulnerability has been discovered in Drupal Core. This vulnerability could allow an
2024-12-07 A critical vulnerability, CVE-2024-XXXX, was recently discovered in the Solana Web3.js library. This supply chain attack exploited a compromised
2024-12-07 A critical SQL injection vulnerability has been identified in specific versions of the Django framework when used with
2024-12-07 Platform: anstream (Rust) Version: < 0.6.8 Vulnerability: Unsoundness Severity: Moderate Date: December 4, 2024 What Undercode Says: An issue
2024-12-07 Platform: GitHub CLI Version: Not specified (versions before 2.63.1) Vulnerability: Path Traversal Severity: Moderate Date: December 3, 2024 (Published)
2024-12-07 A vulnerability in Palo Alto Networks PAN-OS allows attackers with access to the management interface to gain root
2024-12-07 Metabase, an open-source data analytics platform, has a critical vulnerability (CVE-2023-46488) that could allow attackers to potentially access sensitive
2024-12-07 Microsoft has released a security update to address a critical elevation of privilege vulnerability in Windows Task Scheduler.
2024-12-07 Atlassian Jira Server and Data Center versions prior to 8.5.14, 8.6.0-8.13.6, and 8.14.0-8.16.1 are vulnerable to a critical
2024-12-07 Apple has addressed a critical cross-site scripting (XSS) vulnerability in Safari, iOS, iPadOS, macOS, and visionOS. This vulnerability
2024-12-07 Platform: Kemp LoadMaster Version: All versions before 7.2.48.10, 7.2.54.8, 7.2.59.2 Vulnerability: Unauthenticated Command Injection Severity: Critical (CVSS v3 score:
2024-12-07 A critical vulnerability, CVE-2023-20867, has been identified in vCenter Server. This heap-overflow vulnerability could allow a remote attacker
2024-12-07 A critical SQL injection vulnerability (CVE-2024-9465) has been discovered in Palo Alto Networks Expedition. This vulnerability allows unauthenticated
2024-12-07 Zyxel has released security advisories addressing a critical directory traversal vulnerability in multiple product lines. This vulnerability, tracked
2024-12-07 A critical vulnerability (CVE-2024-21287) has been identified in Oracle Agile PLM Framework version 9.3.6. This vulnerability allows unauthenticated
2024-12-07 ProjectSend, a file-sharing platform, has a critical vulnerability (CVE-2024-11680) that allows unauthenticated attackers to take control of vulnerable servers.
2024-12-06 A critical vulnerability (CVE-2024-23246) identified in Vulnerability Details: Platform: Not specified (WebKit is used across various Apple products)
2024-12-06 An issue in Vulnerability Details: Platform: Apple iOS, iPadOS, macOS Version: Versions before iOS 17.4, iPadOS 17.4, and
2024-12-06 Vulnerability: This article describes a race condition vulnerability (CVE-2024-23235) in the Apple Kernel. This vulnerability could allow an
2024-12-06 A critical vulnerability (CVE-2024-9677) exists in Zyxel USG FLEX H series devices running uOS firmware version V1.21 and earlier.
2024-12-06 An issue in Vulnerability Details: Platform: iOS, iPadOS, tvOS, watchOS, macOS (all versions before the mentioned fixes) Version:
2024-12-06 A vulnerability (CVE-2024-23248) in macOS Sonoma allows an attacker to potentially crash the system (denial-of-service) or expose sensitive
2024-12-06 This article describes a critical vulnerability (CVE-2024-23249) in Vulnerability Details: Platform: macOS Sonoma Version: (Not specified in the
2024-12-06 A vulnerability in Apple iOS Photos allows deleted photos to be recovered through the shake-to-undo feature without requiring
2024-12-06 Platform: macOS Version: Sonoma 14.4, Monterey 12.7.4 (Unaffected versions not listed) Vulnerability: Privilege Escalation Severity: Critical Date: March 7,
2024-12-06 Apple addressed a permissions issue in macOS Sonoma versions before 14.4 that could allow an app to access
2024-12-06 Platform: macOS Version: Not specified (all versions vulnerable before macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5) Vulnerability:
2024-12-06 Apple patched a vulnerability (CVE-2024-23241) in macOS Sonoma 14.4, iOS 17.4, iPadOS 17.4, and tvOS 17.4. This vulnerability
2024-12-06 Platform: macOS Version: Sonoma 14.4, Monterey 12.7.4, Ventura 13.6.5 (all prior versions are vulnerable) Vulnerability: Improper Memory Handling (Code
2024-12-06 This article describes a critical vulnerability (CVE-2024-54128) in Directus, a real-time API and app dashboard for managing SQL database
2024-12-06 Vulnerability: Insufficient Verification of Inclusion Proof Checkpoint Platform: sigstore-java Version:
2024-12-05 Drupal Core has a vulnerability that could allow malicious users to move the entire webroot to a different location
2024-12-05 A new vulnerability has been discovered in Drupal Core that could lead to a denial of service (DoS) attack.
2024-12-05 Apache Hive Metastore (HMS) is vulnerable to a high-severity remote code execution (RCE) vulnerability. This vulnerability arises from
2024-12-05 Platform: Perl (App::cpanminus package) Version: Up to 1.7047 Vulnerability: Insecure HTTP Download Severity: Critical (CVSS 3.0: 9.8/10) Date: August
2024-12-05 A vulnerability in PyO3 versions 0.23.0 through 0.23.2 allows for build corruption when using the `PYO3_CONFIG_FILE` environment variable.
2024-12-05 This article describes a vulnerability (CVE-2024-28907) in Microsoft Brokering File System that could allow an attacker to gain
2024-12-05 Platform: Dell Secure Connect Gateway (SCG) Policy Manager Version: All Vulnerability: Stored Cross-Site Scripting (XSS) Severity: HIGH Date: December
2024-12-05 A security audit conducted by Radically Open Security uncovered multiple vulnerabilities in the Rpgp library that could lead
2024-12-05 What Undercode Says: A moderate severity vulnerability (CVE-2024-38829) exists in Spring LDAP that could allow an attacker to expose
2024-12-04 What Undercode Says: This article describes a moderate severity vulnerability in Anstream, a software program (platform unspecified). The vulnerability
2024-12-04 This article discusses a critical vulnerability, CVE-2021-44228, affecting Apache HTTP Server. This vulnerability can be exploited to trigger