2
CVE-2024-53261 - Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files `packages/ki…
2
CVE-2024-53262 - Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain …
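As an added example (not SvelteKit's own code), the placeholder-substitution pattern this entry describes, in its unescaped form beside an HTML-escaping form. The template text, the placeholder names `%sveltekit.status%` and `%sveltekit.error.message%`, and the sample error message are assumed here for illustration.

```javascript
// Added example, not SvelteKit's code: filling a static error.html template
// from runtime values. The naive version splices the message in verbatim;
// the hardened version HTML-escapes every substituted value first.
// Placeholder names are assumed for illustration.

const ERROR_TEMPLATE = `<!doctype html>
<html><head><title>%sveltekit.error.message%</title></head>
<body><h1>%sveltekit.status%</h1><p>%sveltekit.error.message%</p></body></html>`;

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: placeholders replaced with raw content.
function renderErrorUnsafe(template, status, message) {
  return template
    .replaceAll("%sveltekit.status%", String(status))
    .replaceAll("%sveltekit.error.message%", message);
}

// Hardened: every value is escaped before it is spliced into the markup.
// A function replacer is used so that "$&", "$1" etc. inside the message are
// inserted literally instead of being interpreted as replacement patterns.
function renderErrorSafe(template, status, message) {
  return template
    .replaceAll("%sveltekit.status%", () => escapeHtml(status))
    .replaceAll("%sveltekit.error.message%", () => escapeHtml(message));
}

// Constructed sample: an error message carrying attacker-controlled markup,
// e.g. a thrown error that echoes part of the request.
const SAMPLE_MESSAGE = 'Not found: <img src=x onerror="alert(1)">';

// Crude check: does the rendered page still contain the raw tag from the
// message? Sufficient for this constructed sample; a real audit would parse
// the HTML rather than match a substring.
function containsInjectedTag(html) {
  return html.includes("<img src=x onerror=");
}
```

Note the second pitfall the hardened version guards against: when the replacement argument to `String.prototype.replace`/`replaceAll` is a string, sequences such as `$&` in attacker-controlled content are expanded by the engine, so even an escaped value should be supplied through a function replacer.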
5.3
CVE-2024-53255 - Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS
BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to …
8.2
CVE-2024-52811 - Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack` if an ack has alrea…
5.8
CVE-2024-52529 - Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range …
5.4
CVE-2024-32468 - Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HT…
Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which led to self-XSS with `deno doc --html`. 1.) XSS in generated `search_index.js`: `deno_doc` outputs a JavaScript file for searching. However, the generat…
4.6
CVE-2024-51723 - Vulnerability in Management Console Impacts BlackBerry AtHoc
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.
7.8
CVE-2024-8272 - macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to…
7.8
CVE-2024-7915 - macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading exten…
5.3
CVE-2024-11738 - Rustls: rustls network-reachable panic in `acceptor::accept`
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.