CVE-2024-35227 : DISCOURSE UP TO 3.3.0.BETA2/3.2.2 URL DENIAL OF SERVICE

Description Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the

Description A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the

Description In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. References https://wiki.znc.in/Category:ChangeLog https://github.com/znc/znc/releases/tag/znc-1.9.1 https://wiki.znc.in/ChangeLog/1.9.1 https://www.openwall.com/lists/oss-security/2024/07/03/9

Description An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A

Description An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback

Description A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special

Description Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the “message” parameter to inject

Description Mattermost versions 9.8.x

Description The allows any authenticated user to join a private group due to a missing authorization check on a function.

Description Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows

Description A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an

Description GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and

Description mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.

Description Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card

Description Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause

Description In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint

Description httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base

Description Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn’t sanitize

Description aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn’t reset the

Description Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at `/.pomerium`)

Description SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to

Description Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.

Description GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6,

Description Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a