Riasztások | HunCERT csoport

2025. Jan. 9.

NA - CVE-2024-13312 - Missing Authorization vulnerability in Drupal...

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-48806 - Buffer Overflow vulnerability in Neat Board NFC...

Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-55224 - An HTML injection vulnerability in Vaultwarden...

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-55225 - An issue in the component src/api/identity.rs...

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-55226 - Vaultwarden v1.32.5 was discovered to contain...

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2023-28354 - An issue was discovered in Opsview Monitor...

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations...

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-46464 - In PRIMX ZED Enterprise up to 2024.3, technical...

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an...

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-51229 - Cross Site Scripting vulnerability in...

Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function.

security-database.com

Tovább

2025. Jan. 9.

High - CVE-2025-21385 - A Server-Side Request Forgery (SSRF)...

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

security-database.com

Tovább

2025. Jan. 9.

NA - CVE-2024-56376 - A stored cross-site scripting (XSS)...

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the...

security-database.com

Tovább

Telefon:	+36 1 279 6222 (09:00-16:00)
Email:	@email
Cím:	1111 Budapest, Kende u. 13-17.