Alerts

An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then...

An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the...

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte...

HkCms

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page...

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into...

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.

Date: November 19, 2024 Revision Date Changes 1.0 November 19, 2024 Initial release The CVE-ID tracking this issue: CVE-2024-7095 CVSSv3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) Common Weakness Enumeration: CWE-401: Missing...

Date: November 19, 2024 Revision Date Changes 1.0 November 19, 2024 Initial release Description The CVE-ID tracking this issue: CVE-2024-5872 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) Common Weakness Enumeration: CWE-346...