U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 243,729 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2024-41813

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41812

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41375

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41374

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41373

ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41354

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41353

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php

Published: July 26, 2024; 1:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27358

An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS).

Published: July 26, 2024; 1:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27357

An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.

Published: July 26, 2024; 1:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-26520

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.

Published: July 26, 2024; 1:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-24257

An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.

Published: July 26, 2024; 1:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-50700

Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.

Published: July 26, 2024; 1:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7050

Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.

Published: July 26, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41357

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

Published: July 26, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41356

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.

Published: July 26, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41355

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.

Published: July 26, 2024; 12:15:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41805

Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.

Published: July 26, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-41670

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users enable webhooks and check they are callable.

Published: July 26, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7128

A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

Published: July 26, 2024; 10:15:03 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-6922

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.

Published: July 26, 2024; 10:15:03 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)