The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
CVE-2024-53376 - CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
Published: December 15, 2024; 11:15:05 PM -0500
CVE-2024-56112 - CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
Published: December 16, 2024; 1:15:07 AM -0500
CVE-2024-51112 - Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script.
Published: January 06, 2025; 11:15:28 AM -0500
CVE-2024-51111 - Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
Published: January 06, 2025; 11:15:28 AM -0500
CVE-2024-55529 - Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
Published: January 06, 2025; 1:15:22 PM -0500
CVE-2024-55074 - The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.
Published: January 06, 2025; 3:15:39 PM -0500
V3.1: 9.0 CRITICAL
CVE-2024-41206 - A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-41209 - A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-41217 - A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-49776 - A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-49777 - A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-49778 - A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
Published: November 14, 2024; 6:15:05 PM -0500
CVE-2024-52520 - Nextcloud Server is a self-hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud...
Published: November 15, 2024; 12:15:22 PM -0500
V3.1: 6.5 MEDIUM
CVE-2024-52509 - Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselv...
Published: November 15, 2024; 1:15:29 PM -0500
V3.1: 5.7 MEDIUM
CVE-2024-10934 - In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
Published: November 15, 2024; 3:15:17 PM -0500
CVE-2024-51503 - A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have...
Published: November 19, 2024; 2:15:08 PM -0500
V3.1: 8.8 HIGH
CVE-2024-52802 - RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after p...
Published: November 22, 2024; 11:15:34 AM -0500
CVE-2024-27919 - Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have...
Published: April 04, 2024; 11:15:38 AM -0400
CVE-2024-30255 - Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows ...
Published: April 04, 2024; 4:15:08 PM -0400
V3.1: 7.5 HIGH
CVE-2024-32475 - Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy proce...
Published: April 18, 2024; 11:15:30 AM -0400