CVE-2024-27348
unknown
—
2.5
KEV EXP
2y ago
Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
CVE-2024-27347
unknown
—
—
2y ago
Apache HugeGraph-Hubble: SSRF in Hubble connection page
CVE-2024-1681
unknown
—
—
FIX
sles debian debian
2y ago
flask-cors vulnerable to log injection when the log level is set to debug
CVE-2024-31584
unknown
—
—
FIX
debian debian
2y ago
PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVE-2024-32473
unknown
—
—
FIX
debian debian sles
2y ago
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on netwo…
CVE-2024-27306
unknown
—
—
FIX
sles debian debian
2y ago
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have alway…
CVE-2024-31583
unknown
—
—
FIX
debian debian
2y ago
PyTorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
CVE-2024-31580
unknown
—
—
FIX
debian debian
2y ago
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (…
CVE-2023-0657
unknown
—
—
2y ago
Keycloak vulnerable to impersonation via logout token exchange
CVE-2023-6787
unknown
—
—
2y ago
Keycloak vulnerable to session hijacking via re-authentication
CVE-2024-1132
unknown
—
—
2y ago
Keycloak path traversal vulnerability in redirection validation
CVE-2023-6484
unknown
—
—
2y ago
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
CVE-2023-6544
unknown
—
—
2y ago
Keycloak Authorization Bypass vulnerability
CVE-2023-3597
unknown
—
—
2y ago
Keycloak secondary factor bypass in step-up authentication
CVE-2024-2419
unknown
—
—
2y ago
Keycloak path traversal vulnerability in the redirect validation
CVE-2024-3825
unknown
—
—
2y ago
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
CVE-2024-22262
unknown
—
—
debian debian
2y ago
Spring Framework URL Parsing with Host Validation
CVE-2024-3575
unknown
—
—
2y ago
Cross-site Scripting (XSS) in mindsdb/mindsdb
CVE-2024-3772
unknown
—
—
FIX
sles debian debian
2y ago
Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
CVE-2024-27309
unknown
—
—
sles
2y ago
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
CVE-2024-3400
unknown
—
2.5
KEV EXP
2y ago
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
CVE-2024-29903
unknown
—
—
FIX
debian debian sles
2y ago
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign the…
CVE-2024-29902
unknown
—
—
FIX
debian debian sles
2y ago
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running C…
CVE-2024-31861
unknown
—
—
2y ago
Code injection in Apache Zeppelin Shell
CVE-2024-3273
unknown
—
1.5
KEV
2y ago
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
CVE-2024-3272
unknown
—
1.5
KEV
2y ago
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.
CVE-2024-31997
unknown
—
—
2y ago
XWiki Platform remote code execution from account through UIExtension parameters
CVE-2024-31996
unknown
—
—
2y ago
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
CVE-2024-31988
unknown
—
—
2y ago
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
CVE-2024-31987
unknown
—
—
2y ago
XWiki Platform remote code execution from account via custom skins support
CVE-2024-31986
unknown
—
—
2y ago
XWiki Platform CSRF remote code execution through scheduler job's document reference
CVE-2024-31985
unknown
—
—
2y ago
XWiki Platform CSRF in the job scheduler
CVE-2024-31984
unknown
—
—
2y ago
XWiki Platform: Remote code execution through space title and Solr space facet
CVE-2024-31983
unknown
—
—
2y ago
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
CVE-2024-31982
unknown
—
—
2y ago
XWiki Platform: Remote code execution as guest via DatabaseSearch
CVE-2024-31981
unknown
—
—
2y ago
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
CVE-2024-31465
unknown
—
—
2y ago
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
CVE-2024-31464
unknown
—
—
2y ago
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
CVE-2023-6236
unknown
—
—
2y ago
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
CVE-2024-31867
unknown
—
—
2y ago
Apache Zeppelin: LDAP search filter query Injection Vulnerability
CVE-2024-31868
unknown
—
—
2y ago
Apache Zeppelin vulnerable to cross-site scripting in the helium module
CVE-2024-31866
unknown
—
—
2y ago
Improper escaping in Apache Zeppelin
CVE-2024-31865
unknown
—
—
2y ago
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
CVE-2024-31864
unknown
—
—
2y ago
Apache Zeppelin remote code execution by adding malicious JDBC connection string
CVE-2021-22573
unknown
—
—
FIX
debian debian
2y ago
google-oauth-java-client improperly verifies cryptographic signature
CVE-2024-31863
unknown
—
—
2y ago
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
CVE-2024-31862
unknown
—
—
2y ago
Apache Zeppelin: Denial of service with invalid notebook name
CVE-2024-3046
unknown
—
—
2y ago
Eclipse Kura LogServlet vulnerability
CVE-2022-47894
unknown
—
—
2y ago
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
CVE-2021-28656
unknown
—
—
2y ago
Apache Zeppelin CSRF vulnerability in the Credentials page
CVE-2024-31860
unknown
—
—
2y ago
Apache Zeppelin Path Traversal vulnerability
CVE-2024-1233
unknown
—
—
2y ago
WildFly Elytron: SSRF security issue
CVE-2024-3366
unknown
—
—
2y ago
Xuxueli xxl-job template injection vulnerability
CVE-2024-2700
unknown
—
—
2y ago
quarkus-core leaks local environment variables from Quarkus namespace during application's build
CVE-2024-30261
unknown
—
—
FIX
sles debian debian
2y ago
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been…
CVE-2024-30260
unknown
—
—
FIX
sles debian debian
2y ago
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnera…
CVE-2024-29748
unknown
—
1.5
KEV
2y ago
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
CVE-2024-29745
unknown
—
1.5
KEV
2y ago
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
CVE-2024-29834
unknown
—
—
2y ago
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
CVE-2024-1300
unknown
—
—
2y ago
Eclipse Vert.x vulnerable to a memory leak in TCP servers
CVE-2024-27609
unknown
—
—
2y ago
Bonita cross-site scripting vulnerability
CVE-2024-23449
unknown
—
—
sles
2y ago
Elasticsearch Uncaught Exception leading to crash
CVE-2024-23451
unknown
—
—
2y ago
Elasticsearch Incorrect Authorization vulnerability
CVE-2024-23450
unknown
—
—
2y ago
Elasticsearch Uncontrolled Resource Consumption vulnerability
CVE-2024-1023
unknown
—
—
2y ago
Eclipse Vert.x memory leak
CVE-2024-25421
unknown
—
—
2y ago
Ignite Realtime Openfire privilege escalation vulnerability
CVE-2024-25420
unknown
—
—
2y ago
Ignite Realtime Openfire privilege escalation vulnerability
CVE-2023-24955
unknown
—
2.5
KEV EXP
2y ago
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
CVE-2024-29025
unknown
—
—
FIX
sles debian debian
2y ago
Netty's HttpPostRequestDecoder can OOM
CVE-2023-48788
unknown
—
2.5
KEV EXP
2y ago
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
CVE-2021-44529
unknown
—
2.5
KEV EXP
2y ago
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
CVE-2019-7256
unknown
—
2.5
KEV EXP
2y ago
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
CVE-2023-5685
unknown
—
—
debian debian
2y ago
XNIO denial of service vulnerability
CVE-2024-29133
unknown
—
—
FIX
debian debian sles
2y ago
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
CVE-2024-29131
unknown
—
—
FIX
debian debian sles
2y ago
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
CVE-2022-4963
unknown
—
—
2y ago
SQL injection in Folio Spring Module Core
CVE-2024-29018
unknown
—
—
FIX
debian debian sles
2y ago
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows …
CVE-2024-22258
unknown
—
—
2y ago
Improper Authentication in Spring Authorization Server
CVE-2024-23821
unknown
—
—
2y ago
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23819
unknown
—
—
2y ago
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23818
unknown
—
—
2y ago
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23643
unknown
—
—
2y ago
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23642
unknown
—
—
2y ago
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23640
unknown
—
—
2y ago
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
CVE-2024-23634
unknown
—
—
2y ago
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
CVE-2023-51445
unknown
—
—
2y ago
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
CVE-2023-51444
unknown
—
—
2y ago
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
CVE-2023-41877
unknown
—
—
2y ago
GeoServer log file path traversal vulnerability
CVE-2024-27439
unknown
—
—
2y ago
Cross-Site Request Forgery in Apache Wicket
CVE-2024-24683
unknown
—
—
2y ago
Improper Input Validation vulnerability in Apache Hop Engine
CVE-2024-24042
unknown
—
—
2y ago
Path traversal in flaskcode Devan-Kerman ARRP
CVE-2024-22257
unknown
—
—
2y ago
Erroneous authentication pass in Spring Security
CVE-2024-28128
unknown
—
—
2y ago
FitNesse Cross-site Scripting vulnerability
CVE-2024-28125
unknown
—
—
2y ago
FitNesse allows execution of arbitrary OS commands
CVE-2024-22259
unknown
—
—
debian debian
2y ago
Spring Framework URL Parsing with Host Validation Vulnerability
CVE-2024-27351
unknown
—
—
FIX
sles debian debian
2y ago
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a poten…
CVE-2024-28752
unknown
—
—
2y ago
SSRF vulnerability using the Aegis DataBinding in Apache CXF
CVE-2024-23944
unknown
—
—
FIX
debian debian
2y ago
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
CVE-2024-1979
unknown
—
—
2y ago
In Quarkus, git credentials could be inadvertently published
CVE-2024-28098
unknown
—
—
2y ago
Apache Pulsar: Improper Authorization For Topic-Level Policy Management