Magánszemélyeknek | HunCERT csoport

2025. jan. 31.

Riasztás

NA - CVE-2024-53584 - OpenPanel v0.3.4 was discovered to contain an...

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

security-database.com

Tovább

2025. jan. 31.

Riasztás

NA - CVE-2024-57432 - macrozheng mall-tiny 1.0.1 suffers from...

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used...

security-database.com

Tovább

2025. jan. 31.

Riasztás

NA - CVE-2025-22957 - A SQL injection vulnerability exists in the...

A SQL injection vulnerability exists in the front-end of the website in ZZCMS

security-database.com

Tovább

2025. jan. 31.

Riasztás

NA - CVE-2025-23001 - A Host Header Injection vulnerability exists in...

A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP...

security-database.com

Tovább

2025. jan. 31.

Riasztás

NA - CVE-2025-0938 - The Python standard library functions...

The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are...

security-database.com

Tovább

2025. jan. 31.

Riasztás

NA - CVE-2025-24891 - Dumb Drop is a file upload application. Users...

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs...

security-database.com

Tovább

2025. jan. 30.

Biztonsági szemle