-
CVE-2024-56412 – PhpSpreadsheet Cross-Site Scripting (XSS) Bypass Vulnerability
CVE ID : CVE-2024-56412 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use…
-
CVE-2024-56411 – PhpSpreadsheet XSS in Hyperlink Base
CVE ID : CVE-2024-56411 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed…
-
CVE-2024-56410 – “PhpSpreadsheet Custom Properties XSS”
CVE ID : CVE-2024-56410 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0,…
-
CVE-2024-36613 – FFmpeg DXA Demuxer Integer Overflow Vulnerability
CVE ID : CVE-2024-36613 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. Severity: 0.0 | NA
-
CVE-2024-35365 – FFmpeg Double-Free Vulnerability
CVE ID : CVE-2024-35365 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. Severity: 0.0 | NA
-
CVE-2025-21610 – Trix Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-21610 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:`…
-
CVE-2025-21609 – SiYuan Note File Deletion Vulnerability
CVE ID : CVE-2025-21609 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting…
-
CVE-2024-56514 – Karmada TarSlip Vulnerability Allows File System Tampering
CVE ID : CVE-2024-56514 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an…
-
CVE-2024-56513 – “…Karmada Unrestricted Cluster Access”
CVE ID : CVE-2024-56513 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access…
-
The Good, the Bad and the Ugly in Cybersecurity – Week 1
The Good | HIPAA to Update Security Rules and Feds Sanction Disinformation Campaign Operators Cyberattacks on healthcare systems put patients at critical risk, disrupting urgent medical services or tr … Published Date: Jan 03, 2025 (4 hours, 59 minutes ago) Vulnerabilities has been…