CVE ID : CVE-2025-21617 Published : Jan. 6, 2025, 8:15 p.m. | 44 minutes ago Description : Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This…

CVE ID : CVE-2024-55408 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. Severity: 0.0 | NA Visit the link for more details, such as…

CVE ID : CVE-2024-55074 Published : Jan. 6, 2025, 8:15 p.m. | 44 minutes ago Description : The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. Severity: 0.0 | NA Visit the link for more details, such…

CVE ID : CVE-2024-46209 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. Severity: 0.0 | NA Visit the…

CVE ID : CVE-2024-55407 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. Severity: 0.0 | NA Visit the link for more…

CVE ID : CVE-2024-55629 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications…

CVE ID : CVE-2024-56828 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within…

CVE ID : CVE-2024-35498 Published : Jan. 6, 2025, 7:15 p.m. | 1 hour, 45 minutes ago Description : A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,…

CVE ID : CVE-2024-55627 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset…