CVE-2024-45410 : TRAEFIK HTTP HEADER X-FORWARDED LESS TRUSTED SOURCE
Description Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers
Description Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Description A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code
Description A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId,
Description A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to
Description This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in
Description langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses
Description Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. References https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md
Description Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers
Description CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an
Description A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an
Description ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. References https://mind-bytes.de/sql-injection-in-foss-online-cve-2024-34334/
Description A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636
Description An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2
Description Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to
Description CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal,
Description Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: Product Affected
Description An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft
Description A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco
Description COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt
Description In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd (“nvme:
Description A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises
Description An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability,
Description A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update