4.8
CVE-2024-45811 - server.fs.deny bypassed when using ?import&raw in vite
Vite is a frontend build tool for JavaScript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite's serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it e…
6.5
CVE-2024-45537 - Apache Druid: Users can provide MySQL JDBC properties not on allow list
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide f…
5.3
CVE-2024-45384 - Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j…
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using…
6.3
CVE-2024-8947 - MicroPython objarray.c use after free
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exp…
6.9
CVE-2024-8946 - MicroPython VFS Unmount vfs.c mp_vfs_umount heap-based overflow
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit …
5.3
CVE-2024-45612 - Insert tag injection via canonical URL in Contao
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root …
5.1
CVE-2024-45803 - Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this …
8.1
CVE-2024-43460 - Dynamics 365 Business Central Elevation of Privilege Vulnerability
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
9.8
CVE-2024-38183 - GroupMe Elevation of Privilege Vulnerability
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network.
7.5
CVE-2024-8900 - firefox: Clipboard write permission bypass
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.