8.8
CVE-2024-12694 -
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8
CVE-2024-12693 -
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2024-12692 -
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
5.9
CVE-2024-56140 - Bypass of CSRF Middleware in Astro
Astro is a web framework for content-driven websites. In affected versions a bug in Astroβs CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability eβ¦
5.3
CVE-2024-45338 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
9.3
CVE-2024-56145 - RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is presentβ¦
6.6
CVE-2024-12686 - Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
6.5
CVE-2024-51470 - IBM MQ denial of service
IBM MQΒ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ ApplianceΒ 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25Β could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
7.4
CVE-2024-49363 - Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Mβ¦
Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-servβ¦
6.4
CVE-2024-52579 - Server-Side Request Forgery vulnerability in various APIs in Misskey
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or β¦