Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29896 | Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0. Published: March 28, 2024; 9:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-27775 | SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash. Published: March 28, 2024; 9:15:47 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30595 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Published: March 28, 2024; 8:15:53 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30422 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1. Published: March 28, 2024; 5:15:08 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-30421 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1. Published: March 28, 2024; 5:15:08 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-2818 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels. Published: March 28, 2024; 4:15:26 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2023-6371 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Published: March 28, 2024; 4:15:26 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2023-52628 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). Published: March 28, 2024; 4:15:25 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-2890 | Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12. Published: March 28, 2024; 3:16:13 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29241 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. Published: March 28, 2024; 3:16:12 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29240 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. Published: March 28, 2024; 3:16:11 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29239 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:10 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29238 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:09 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29237 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:09 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29236 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:08 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29235 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:07 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29234 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:06 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29233 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:06 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29232 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. Published: March 28, 2024; 3:16:05 AM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-29231 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. Published: March 28, 2024; 3:16:04 AM -0400 | V3.x: (not available) V2.0: (not available) |