CVE-2024-13508 - The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
19/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13508

CVE-2025-27113 - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-27113

CVE-2025-26624 - Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker to load and execute a malicious DLL with escalated privileges (since the executable has been granted higher privileges at launch time) by placing a malicious `cfgmgr32.dll` in the same directory as the executable and having it side-load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26624

CVE-2025-25475 - A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25475

CVE-2025-25474 - DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25474

CVE-2025-25473 - FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25473

CVE-2025-25472 - A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25472

CVE-2025-25471 - FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25471

CVE-2025-24928 - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24928

CVE-2025-22920 - A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22920

CVE-2025-22919 - A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22919

CVE-2024-57259 - sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57259

CVE-2024-57258 - Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57258

CVE-2024-57257 - A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57257

CVE-2024-13743 - The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13743

CVE-2025-25896 - A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25896

CVE-2025-25895 - An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25895

CVE-2025-25894 - An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25894

CVE-2025-25893 - An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25893

CVE-2025-25892 - A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25892

CVE-2025-25891 - A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25891

CVE-2025-25469 - FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25469

CVE-2025-25468 - FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25468

CVE-2025-25467 - Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25467

CVE-2025-22921 - FFmpeg git-master N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22921

CVE-2024-56171 - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-56171

CVE-2025-26617 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26617

CVE-2025-26616 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exportar_dump.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26616

CVE-2025-26615 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26615

CVE-2025-26614 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26614

CVE-2025-26613 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26613

CVE-2025-26612 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26612

CVE-2025-26611 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26611

CVE-2025-26610 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26610

CVE-2025-26609 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26609

CVE-2025-26608 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26608

CVE-2025-26607 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `documento_excluir.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26607

CVE-2025-26606 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26606

CVE-2025-26605 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26605

CVE-2025-27016 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Google Drive Plugin: from n/a through 1.0.1.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-27016

CVE-2025-27013 - Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MediCenter - Health Medical Clinic WordPress Theme: from n/a through n/a.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-27013

CVE-2025-26623 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26623

CVE-2025-26604 - Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submitted code execution, this allows a user to execute potentially malicious code to cause damage or extract sensitive information. By loading a module containing the relevant code and running the command, the bot token can be extracted. The attacker can then load a blocking module to sabotage the bot (DDoS attack), and the token can be used to make a fake bot act as the real one. If the bot has very high privileges, the attacker effectively has full control until the user kicks the bot. Any Discord user that hosts Discord-Bot-Framework-Kernel before commit f0d9e70841a0e3170b88c4f8d562018ccd8e8b14 is affected. Users are advised to upgrade. Users unable to upgrade may attempt to limit their Discord bot's access via configuration options.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26604

CVE-2025-22663 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal. This issue affects Paid Videochat Turnkey Site: from n/a through 7.2.12.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22663

CVE-2025-22657 - Missing Authorization vulnerability in Vito Peleg Atarim allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through 4.0.9.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22657

CVE-2025-22656 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster allows PHP Local File Inclusion. This issue affects Cookie Monster: from n/a through 1.2.2.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22656

CVE-2025-22654 - Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22654

CVE-2025-22650 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget allows Stored XSS. This issue affects Smartarget: from n/a through 1.4.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22650

CVE-2025-22645 - Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager allows Password Brute Forcing. This issue affects Real Estate Manager: from n/a through 7.3.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22645

CVE-2025-22639 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22639

CVE-2025-0622 - A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered them has been unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-0622

CVE-2024-56000 - Incorrect Privilege Assignment vulnerability in NotFound K Elements allows Privilege Escalation. This issue affects K Elements: from n/a through n/a.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-56000

CVE-2024-45783 - A flaw was found in grub2. When failing to mount an HFS+ filesystem, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45783

CVE-2024-45781 - A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45781

CVE-2024-45776 - When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45776

CVE-2024-45775 - A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45775

CVE-2025-26603 - Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the `:redir` ex command to registers, variables and files. It also allows showing the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. So when redirecting the `:display` command to a register that is being displayed, Vim will free the content and shortly afterwards try to access it, which leads to a use-after-free. Vim before 9.1.1115 checks in the ex_display() function that it does not try to redirect to a register while displaying that same register. However, this check is not complete: Vim does not check the `+` and `*` registers (which typically denote the X11/clipboard registers, and which fall back to register 0 when a clipboard connection is not possible). In patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26603

CVE-2025-26465 - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resources first, making the attack complexity high.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26465

CVE-2025-25305 - Home Assistant Core is an open source home automation platform that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attack due to missing SSL certificate verification in the project codebase and in third-party libraries it uses. In the past, `aiohttp-session`/`request` had the parameter `verify_ssl` to control SSL certificate verification. This was a boolean value. In `aiohttp` 3.0, this parameter was deprecated in favor of the `ssl` parameter. Only when `ssl` is set to `None` or provided with a correctly configured SSL context does the standard SSL certificate verification happen. When migrating integrations in Home Assistant and libraries used by Home Assistant, in some cases the `verify_ssl` parameter value was simply moved to the new `ssl` parameter. This resulted in these integrations and third-party libraries using `request.ssl = True`, which unintentionally turned off SSL certificate verification and opened up a man-in-the-middle attack vector. This issue has been addressed in version 2024.1.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25305

CVE-2025-25284 - The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element, allowing attackers to read arbitrary files on the system. The vulnerability exists because the service doesn't properly sanitize the SourceFilename parameter in VRT files, allowing relative path traversal sequences (../). When combined with VRT's raw data handling capabilities, this allows reading arbitrary files as raw binary data and converting them to TIFF format, effectively exposing their contents. This vulnerability is particularly severe because an unauthenticated attacker can read sensitive system files remotely through the WPS service, potentially exposing configuration data, credentials, or other confidential information stored on the server. This issue has been addressed in commit `5f155a8` and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25284

CVE-2025-24895 - CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard, which provides two entities: 1. Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider; in essence, it is responsible for the management of the credentials and identity of users; 2. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user; it receives SAML assertions from the IdP to grant access to resources. The library cie-aspnetcore refers to the second entity, the SP, and implements the validation logic of SAML assertions within SAML responses. In affected versions there is no guarantee that the first signature refers to the root object; it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing them to impersonate any Spid and/or CIE user. This issue has been addressed in version 2.1.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24895

CVE-2025-24894 - SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard, which provides two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider; in essence, it is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user; it receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object; it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing them to impersonate any Spid and/or CIE user. This vulnerability has been addressed in version 3.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24894

CVE-2025-21608 - Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets sent over MQTT can appear in the client as a DM to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-21608

CVE-2024-57056 - Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57056

CVE-2024-57055 - Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57055

CVE-2024-45774 - A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass Secure Boot protections cannot be ruled out.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45774

CVE-2025-26620 - Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other protocol parameters. Such usage is somewhat atypical, and only a small percentage of users are likely to be affected. Duende.AccessTokenManagement can request access tokens using the client credentials flow in several ways. In basic usage, the client credentials flow is configured once and the parameters do not vary. In more advanced situations, requests with varying protocol parameters may be made by calling specific overloads of these methods: `HttpContext.GetClientAccessTokenAsync()` and `IClientCredentialsTokenManagementService.GetAccessTokenAsync()`. There are overloads of both of these methods that accept a `TokenRequestParameters` object that customizes token request parameters. However, concurrent requests with varying `TokenRequestParameters` will result in the same token for all concurrent calls. Most users can simply update the NuGet package to the latest version. Customizations of the `IClientCredentialsTokenCache` that derive from the default implementation (`DistributedClientCredentialsTokenCache`) will require a small code change, as its constructor was changed to add a dependency on the `ITokenRequestSynchronization` service. The synchronization service will need to be injected into the derived class and passed to the base constructor. The impact of this vulnerability depends on how Duende.AccessTokenManagement is used and on the security architecture of the solution. Most users will not be vulnerable to this issue. More advanced users may run into this issue by calling the methods specified above with customized token request parameters. The impact of obtaining an access token with different than intended protocol parameters will vary depending on application logic, security architecture, and the authorization policy of the resource servers.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26620

CVE-2025-26058 - Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-26058

CVE-2025-25300 - smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on the smartbanner `View` link and navigating to a third-party page leaves `window.opener` exposed. It may allow hostile third parties to abuse `window.opener`, e.g. by redirection or injection on the original page with smartbanner. `rel="noopener"` is automatically populated on links as of `v1.14.1`, which is the recommended upgrade to resolve the vulnerability. Some workarounds are available for those who cannot upgrade. Ensure the `View` link only takes users to the App Store or Google Play Store, where security is guarded by the respective app store security teams. If the `View` link goes to a third-party page, limit smartbanner.js to use on iOS, which decreases the scope of the vulnerability since, as of Safari 12.1, `rel="noopener"` is imposed on all `target="_blank"` links. Version 1.14.1 of smartbanner.js contains a fix for the issue.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25300

CVE-2024-56883 - Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-56883

CVE-2024-56882 - Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-56882

CVE-2024-51505 - An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-51505

CVE-2024-50609 - An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote denial-of-service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-50609

CVE-2024-50608 - An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote denial-of-service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-50608

CVE-2024-4028 - A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-4028

CVE-2024-49589 - Foundry Artifacts was found to be vulnerable to a denial-of-service attack, because the disk could potentially be filled up based on a user-supplied argument (size).
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-49589

CVE-2024-39328 - Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability are not at risk.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-39328

CVE-2022-41545 - The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2022-41545

CVE-2024-55460 - A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-55460

CVE-2024-39327 - Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow CA signing to be obtained in an illegitimate way.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-39327

CVE-2025-22207 - Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22207

CVE-2025-21703 - In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
qdisc_tree_reduce_backlog() notifies the parent qdisc only if the child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it would miss the opportunity to call cops->qlen_notify(); in the case of DRR, this resulted in a UAF since DRR uses ->qlen_notify() to maintain its active list.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-21703

CVE-2025-21702 - In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
Expected behaviour: In case we reach the scheduler's limit, pfifo_tail_enqueue() will drop a packet in the scheduler's queue and decrease the scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueues the new packet and increases the scheduler's qlen by one. Finally, pfifo_tail_enqueue() returns the `NET_XMIT_CN` status code.
Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has a value equal to 0. Then, we continue to enqueue the new packet and increase the scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return the `NET_XMIT_CN` status code.
The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B.
- Qdisc_A's type must have a '->graft()' function to create a parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueueing a packet to this qdisc will trigger `hfsc_enqueue`.
- Qdisc_B's type is pfifo_head_drop. Enqueueing a packet to this qdisc will trigger `pfifo_tail_enqueue`.
- Qdisc_B is configured to have `sch->limit == 0`.
- Qdisc_A is configured to route the enqueued packet to Qdisc_B.
Enqueueing a packet through Qdisc_A will lead to:
- hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B)
- Qdisc_B->q.qlen += 1
- pfifo_tail_enqueue() returns `NET_XMIT_CN`
- hfsc_enqueue() checks for `NET_XMIT_SUCCESS` and sees `NET_XMIT_CN` => hfsc_enqueue() doesn't increase the qlen of Qdisc_A.
The whole process leads to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replacing 'hfsc' with another type (for example: 'drr') still leads to the same problem. This violates the design where the parent's qlen should equal the sum of its children's qlen.
Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-21702

CVE-2024-57050 - A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing the authentication.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57050

CVE-2024-57049 - A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing the authentication.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57049

CVE-2024-57046 - A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested URL, it will be recognized as passing the authentication.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57046

CVE-2024-57045 - A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57045

CVE-2024-13689 - The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13689

CVE-2025-1414 - Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1414

CVE-2025-1269 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1269

CVE-2025-1035 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1035

CVE-2025-0817 - The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-0817

CVE-2025-0521 - The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-0521

CVE-2024-13797 - The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13797

CVE-2024-13783 - The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin data which may contain sensitive information from form submissions.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13783

CVE-2024-13691 - The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the server.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13691

CVE-2024-13681 - The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13681

CVE-2024-13667 - The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mle-description' parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13667

CVE-2024-13636 - The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13636

CVE-2025-1023 - A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion.
18/02/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1023


Recently modified advisories

CVE-2024-57256 - An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
19/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57256

CVE-2024-57255 - An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
19/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57255

CVE-2024-57254 - An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
19/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57254

CVE-2025-1381 - A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1381

CVE-2025-1380 - A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1380

CVE-2025-1379 - A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1379

CVE-2024-13603 - The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13603

CVE-2025-1371 - A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1371

CVE-2025-1370 - A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1370

CVE-2025-1369 - A vulnerability classified as critical was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1369

CVE-2025-1368 - A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1368

CVE-2025-1367 - A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1367

CVE-2025-1358 - A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1358

CVE-2024-57970 - libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57970

CVE-2025-22209 - A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-22209

CVE-2025-22208 - A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-22208

CVE-2024-13306 - The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13306

CVE-2024-13208 - The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13208

CVE-2025-0998 - Out of bounds memory access in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-0998

CVE-2025-0997 - Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-0997

CVE-2025-0996 - Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-0996

CVE-2025-0995 - Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-0995

CVE-2025-21401 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-21401

CVE-2024-31144 - For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes: a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs is controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-31144

CVE-2025-25997 - Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25997

CVE-2025-25994 - SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25994

CVE-2025-25990 - Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25990

CVE-2024-57778 - An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges by changing the server's response from status code 500 to status code 200.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57778

CVE-2024-57725 - An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57725

CVE-2024-56180 - CWE-502 Deserialization of Untrusted Data in the eventmesh-meta-raft plugin module of Apache EventMesh (master branch, no released version) on Windows, Linux, macOS and similar platforms allows attackers to send a controlled message and achieve remote code execution via Hessian deserialization in the RPC protocol. Users can use the code under the master branch in the project repo, or version 1.11.0, to fix this issue.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-56180

CVE-2025-1298 - Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1298

CVE-2024-37603 - An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-37603

CVE-2024-37601 - An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-37601

CVE-2023-34402 - The Mercedes-Benz head unit NTG6 contains functions to import or export profile settings over USB. Another file is encapsulated inside the profile file, and the service writes it to disk during processing. Due to missing checks, an attacker can achieve arbitrary file write with the privileges of the speech service.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-34402

CVE-2023-34400 - The Mercedes-Benz head unit NTG6 contains functions to import or export profile settings over USB. When parsing the file, the service tries to locate a header inside it and convert that header to a null-terminated string. If the terminating character is missing, a null pointer is returned.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-34400

CVE-2023-34399 - The Mercedes-Benz head unit NTG6 contains functions to import or export profile settings over USB. Some values in this table are archives serialized with the boost library. The version of the boost library in use contains an integer overflow vulnerability.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-34399

CVE-2023-34398 - The Mercedes-Benz head unit NTG6 contains functions to import or export profile settings over USB. Some values in this table are archives serialized with the boost library. The boost library contains a null pointer dereference vulnerability.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-34398

CVE-2023-34397 - The Mercedes-Benz head unit NTG 6 contains functions to import or export profile settings over USB. During parsing, an attacker can trigger a crash of the service.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-34397

CVE-2025-25901 - A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25901

CVE-2025-25898 - A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25898

CVE-2025-25897 - A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25897

CVE-2025-22480 - Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-22480
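The bug class behind the CVE-2025-22480 entry above (a privileged cleanup routine that deletes through a path an unprivileged user can redirect with a symbolic link) side by side with a deletion routine that refuses to follow links, as an added example that is not Dell's code and does not claim to reproduce SupportAssist's exact logic. It uses POSIX `O_NOFOLLOW`/`dir_fd` semantics on a constructed temporary layout; the directory names and the "protected" file are made up for the demo.

```python
import errno
import os
import stat
import tempfile


def _open_dir_nofollow(dir_fd: int, name: str) -> int:
    # O_NOFOLLOW makes the kernel fail with ELOOP if `name` is a symlink;
    # O_DIRECTORY fails with ENOTDIR if it is not a directory.
    return os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)


def safe_unlink_under(root: str, relpath: str) -> str:
    """Delete root/relpath without ever following a symlink in any path
    component. Returns "deleted" or "refused". `root` is trusted (the
    service's own working directory); everything below it is not."""
    parts = [p for p in relpath.replace("\\", "/").split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise ValueError("relpath must name a plain descendant of root")
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            try:
                nfd = _open_dir_nofollow(fd, comp)
            except OSError as exc:
                if exc.errno in (errno.ELOOP, errno.ENOTDIR):
                    return "refused"      # symlink or non-directory in the path
                raise
            os.close(fd)
            fd = nfd
        st = os.lstat(parts[-1], dir_fd=fd)   # lstat: do not follow the leaf
        if not stat.S_ISREG(st.st_mode):
            return "refused"
        # A race on the leaf is harmless here: unlink() of a symlink removes
        # only the link itself, never its target.
        os.unlink(parts[-1], dir_fd=fd)
        return "deleted"
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed layout: a protected file outside the cleanup area and an
    attacker-planted symlink `cleanup/tmp` pointing at the protected directory."""
    with tempfile.TemporaryDirectory() as base:
        protected = os.path.join(base, "protected")
        cleanup = os.path.join(base, "cleanup")
        os.mkdir(protected)
        os.mkdir(cleanup)
        target = os.path.join(protected, "important.dat")
        with open(target, "w") as f:
            f.write("must survive cleanup\n")
        os.symlink(protected, os.path.join(cleanup, "tmp"))

        # Naive privileged cleanup: os.remove resolves the symlinked directory
        # and deletes the protected file the attacker pointed it at.
        os.remove(os.path.join(cleanup, "tmp", "important.dat"))
        naive_deleted_target = not os.path.exists(target)

        with open(target, "w") as f:
            f.write("must survive cleanup\n")
        safe_result = safe_unlink_under(cleanup, "tmp/important.dat")
        target_survives = os.path.exists(target)

        # A real file inside the cleanup area is still deletable.
        scratch = os.path.join(cleanup, "scratch.log")
        open(scratch, "w").close()
        scratch_result = safe_unlink_under(cleanup, "scratch.log")
        scratch_gone = not os.path.exists(scratch)

        return {
            "naive_deleted_target": naive_deleted_target,
            "safe_result": safe_result,
            "target_survives": target_survives,
            "scratch_result": scratch_result,
            "scratch_gone": scratch_gone,
        }


if __name__ == "__main__":
    print(demo())
```

Opening each directory component with `O_NOFOLLOW` and then operating relative to that descriptor is what closes the window: a path string is re-resolved at every call, so checking it with `lstat` and then calling `remove` on the same string still loses the race. On Windows the equivalent is opening with `FILE_FLAG_OPEN_REPARSE_POINT` and rejecting reparse points (symlinks and junctions) component by component; the structure of the check is the same.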

CVE-2025-26543 - Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through 2.1.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26543

CVE-2024-13867 - The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13867

CVE-2024-13606 - The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/jssupportticketdata directory which can contain file attachments included in support tickets.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13606

CVE-2024-13639 - The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13639

CVE-2024-47264 - Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-47264

CVE-2024-13120 - The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13120

CVE-2024-12586 - The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-12586

CVE-2024-57605 - Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.
18/02/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-57605