4.3
CVE-2024-22244 - Harbor Open Redirect URL
Open Redirect in HarborΒ <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
6.8
CVE-2022-37020 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
6.8
CVE-2022-37019 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
7.5
CVE-2024-36471 - Apache Allura: sensitive information exposure via DNS rebinding
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.Β Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users areβ¦
5.3
CVE-2024-37169 - @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`β¦
8.9
CVE-2024-37166 - ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated dβ¦
0.0
CVE-2024-5825 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.8
CVE-2024-35242 - Composer vulnerable to command injection via malicious git/hg branch names
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availabβ¦
7.8
CVE-2024-37289 -
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
5.3
CVE-2024-36473 -
Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.