Day: October 30, 2024

CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW

Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker

Common Vulnerabilities and Exposures

CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION

Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka

Common Vulnerabilities and Exposures

CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION

Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an

Common Vulnerabilities and Exposures

CVE-2024-49768 : PYLONS WAITRESS UP TO 3.0.0 ON PYTHON HTTP PIPELINING RECV_BYTES TOCTOU

Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a

Common Vulnerabilities and Exposures

CVE-2024-6674 : PARISNEO LOLLMS-WEBUI UP TO 9.8 PRIVATE API KEY ORIGIN VALIDATION

Description A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser