Aggregator

Currently trending CVE - Hype Score: 38 - A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a ...

Currently trending CVE - Hype Score: 43 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Currently trending CVE - Hype Score: 66 - TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Currently trending CVE - Hype Score: 27 - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from ...

Currently trending CVE - Hype Score: 27 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to ...

Currently trending CVE - Hype Score: 23 - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or ...

Currently trending CVE - Hype Score: 48 - A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially ...

Currently trending CVE - Hype Score: 26 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 39 - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests ...

Currently trending CVE - Hype Score: 23 - Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

A vulnerability classified as problematic was found in Mozilla Thunderbird up to 115.6. Affected by this vulnerability is an unknown functionality of the component iFrame Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is known as CVE-2024-0747. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 115.6. It has been rated as problematic. This issue affects some unknown processing of the component Browser Prompt Handler. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2024-0742. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 115.6. Affected is an unknown function of the component iFrame Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2024-0747. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 115.6 on Linux and classified as problematic. This issue affects some unknown processing of the component Print Preview Dialog. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-0746. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 115.6 on Linux. It has been classified as problematic. Affected is an unknown function of the component Print Preview Dialog. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-0746. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox and classified as critical. Affected by this issue is some unknown functionality of the component ANGLE. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-0741. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird. It has been classified as critical. This affects an unknown part of the component ANGLE. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-0741. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 115.6. It has been declared as problematic. This vulnerability affects unknown code of the component Browser Prompt Handler. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2024-0742. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GNOME file-roller up to 3.29.90 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation with the input ./../ as part of TAR Archive leads to path traversal. This vulnerability is known as CVE-2019-16680. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.