It contains information on publicly disclosed cybersecurity vulnerabilities based on data from the CVE® Program; please see the official CVE website and CVE List V5 on GitHub.
Whenever applicable we show information from the Known Exploited Vulnerabilities Catalog provided by CISA as the authoritative source of vulnerabilities that have been exploited in the wild.
CVE-2024-55655
sigstore-python has insufficient validation of integration timestamp during verification: sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified *if* a source of signed ...
CVE-2024-55653
pwndoc's UnhandledPromiseRejection on audits causes Denial of Service (DoS): PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising an `UnhandledPromiseRejection` on audits, which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unrespon...
CVE-2024-54133
Possible Content Security Policy bypass in Action Dispatch: Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from unt...
CVE-2024-52865
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79): Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-52848
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79): Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-54034
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79): Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54040
Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79): Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-54043
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79): Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-47585
Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform: SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for b...
CVE-2024-49138 Microsoft Windows
Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVE-2024-51378 CyberPersons CyberPanel
CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
CVE-2024-11667 Zyxel Multiple Firewalls
Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.
CVE-2024-11680 ProjectSend ProjectSend
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
CVE-2023-45727 North Grid Proself
North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack.