-
CVE-2024-55407 – ITE IO Access Arbitrary Port Access Vulnerability
CVE ID : CVE-2024-55407 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : An issue in the DeviceIoControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. Severity: 0.0 | NA Visit the link for more…
-
CVE-2024-55629 – Suricata Urgent Data Handling Vulnerability
CVE ID : CVE-2024-55629 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications…
-
CVE-2024-56828 – ChestnutCMS File Upload Handler SSRF Vulnerability
CVE ID : CVE-2024-56828 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within…
-
CVE-2024-35498 – Grav Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-35498 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,…
-
CVE-2024-55627 – Suricata Unsigned Integer Underflow Buffer Overflow Vulnerability
CVE ID : CVE-2024-55627 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset…
-
CVE-2024-55628 – Suricata DNS Resource Name Compression Denial of Service Vulnerability
CVE ID : CVE-2024-55628 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to…
-
CVE-2025-21613 – go-git Argument Injection Vulnerability
CVE ID : CVE-2025-21613 Published : Jan. 6, 2025, 5:15 p.m. | 3 hours, 44 minutes ago Description : go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to…
-
CVE-2024-55529 – Z-BlogPHP Theme Shell Template Code Execution Vulnerability
CVE ID : CVE-2024-55529 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via zb_usersthemeshelltemplate. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…
-
CVE-2024-5594 – OpenVPN PATH Injection Vulnerability
CVE ID : CVE-2024-5594 Published : Jan. 6, 2025, 2:15 p.m. | 6 hours, 45 minutes ago Description : OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected…
-
CVE-2025-21611 – Tgstation-Server Authorization Bypass
CVE ID : CVE-2025-21611 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR’d instead of AND’ed with the role used to determine if a user was enabled. This allows…