CVE ID : CVE-2024-55074 Published : Jan. 6, 2025, 8:15 p.m. | 44 minutes ago Description : The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. Severity: 0.0 | NA Visit the link for more details, such…

CVE ID : CVE-2024-46209 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. Severity: 0.0 | NA Visit the…

CVE ID : CVE-2024-55407 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. Severity: 0.0 | NA Visit the link for more…

CVE ID : CVE-2024-55629 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications…

CVE ID : CVE-2024-56828 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within…

CVE ID : CVE-2024-35498 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,…

CVE ID : CVE-2024-55627 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset…

CVE ID : CVE-2024-55628 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to…

CVE ID : CVE-2025-21613 Published : Jan. 6, 2025, 5:15 p.m. | 3 hours, 44 minutes ago Description : go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to…

CVE ID : CVE-2024-55529 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via zb_usersthemeshelltemplate. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source