The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-41914 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\'s browser in the context of the affected interface. | -- | Jul 25, 2024 |
| CVE-2024-41880 | In veilid-core in Veilid before 0.3.4, the protocol\'s ping function can be misused in a way that decreases the effectiveness of safety and private routes. | -- | Jul 22, 2024 |
| CVE-2024-41839 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | -- | Jul 23, 2024 |
| CVE-2024-41836 | InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jul 23, 2024 |
| CVE-2024-41829 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | -- | Jul 22, 2024 |
| CVE-2024-41828 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | -- | Jul 22, 2024 |
| CVE-2024-41827 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | -- | Jul 22, 2024 |
| CVE-2024-41826 | In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page | -- | Jul 22, 2024 |
| CVE-2024-41825 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | -- | Jul 22, 2024 |
| CVE-2024-41824 | In JetBrains TeamCity before 2024.07 parameters of the password type could leak into the build log in some specific cases | -- | Jul 22, 2024 |
| CVE-2024-41809 | OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html. | -- | Jul 25, 2024 |
| CVE-2024-41808 | The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim\'s account provided they meet the exploitation steps. As of time of publication, no patched version is available. | -- | Jul 25, 2024 |
| CVE-2024-41806 | The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access. | -- | Jul 25, 2024 |
| CVE-2024-41801 | OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the Login required setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user\'s account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren\'t able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject. | -- | Jul 25, 2024 |
| CVE-2024-41800 | Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\'s credentials. This has been patched in Craft 5.2.3. | -- | Jul 25, 2024 |
| CVE-2024-41709 | Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the administer fields permission. | -- | Jul 22, 2024 |
| CVE-2024-41707 | An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | -- | Jul 25, 2024 |
| CVE-2024-41706 | A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release. | -- | Jul 25, 2024 |
| CVE-2024-41705 | A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639. | -- | Jul 25, 2024 |
| CVE-2024-41704 | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.) | -- | Jul 22, 2024 |
| CVE-2024-41703 | LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.) | -- | Jul 22, 2024 |
| CVE-2024-41672 | DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content from a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc) even though that doesn\'t seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0. | -- | Jul 25, 2024 |
| CVE-2024-41668 | The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users could do the same on private instances. A fix has been released in version 6.0.12. As a workaround, one might be able to disable `/proxy` endpoint entirely via, for example, nginx. | -- | Jul 23, 2024 |
| CVE-2024-41667 | OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. | -- | Jul 25, 2024 |
| CVE-2024-41666 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. | -- | Jul 25, 2024 |
| CVE-2024-41665 | Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the Playlists - Democratic - Configure Democratic Playlist feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. | -- | Jul 23, 2024 |
| CVE-2024-41664 | Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | -- | Jul 23, 2024 |
| CVE-2024-41663 | Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the Cloned Website Canarytoken, whereby the Canarytoken\'s creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of their slow redirect token. When the creator later browses the management page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the management link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | -- | Jul 23, 2024 |
| CVE-2024-41662 | VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content. | -- | Jul 25, 2024 |
| CVE-2024-41661 | reNgine is an automated reconnaissance framework for web applications. In versions 1.2.0 through 2.1.1, an authenticated command injection vulnerability in the WAF detection tool allows an authenticated attacker to remotely execute arbitrary commands as root user. The URL query parameter `url` is passed to `subprocess.check_output` without any sanitization, resulting in a command injection vulnerability. This API endpoint is accessible by authenticated users with any use role. Because the process runs as `root`, an attacker has root access. Commit edd3c85ee16f93804ad38dac5602549d2d30a93e contains a patch for the issue. | -- | Jul 23, 2024 |
| CVE-2024-41656 | Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page. Self-hosted Sentry users may be impacted in case of untrustworthy Integration platform integrations sending external issues from their side to Sentry. A patch has been released in Sentry 24.7.1. For Sentry SaaS customers, no action is needed. This has been patched on July 23, and even prior to the fix, the exploitation was not possible due to the strict Content Security Policy deployed on sentry.io site. For self-hosted users, the maintainers of Sentry strongly recommend upgrading Sentry to the latest version. If it is not possible, one could enable CSP on one\'s self-hosted installation with `CSP_REPORT_ONLY = False` (enforcing mode). This will mitigate the risk of cross-site scripting. | -- | Jul 23, 2024 |
| CVE-2024-41655 | TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue. | -- | Jul 23, 2024 |
| CVE-2024-41603 | Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. | -- | Jul 22, 2024 |
| CVE-2024-41602 | Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL | -- | Jul 22, 2024 |
| CVE-2024-41601 | Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. | -- | Jul 22, 2024 |
| CVE-2024-41600 | Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. | -- | Jul 22, 2024 |
| CVE-2024-41599 | Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method | -- | Jul 22, 2024 |
| CVE-2024-41597 | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | -- | Jul 22, 2024 |
| CVE-2024-41551 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | -- | Jul 25, 2024 |
| CVE-2024-41550 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . | -- | Jul 25, 2024 |
| CVE-2024-41492 | A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | -- | Jul 22, 2024 |
| CVE-2024-41473 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac | -- | Jul 25, 2024 |
| CVE-2024-41468 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand | -- | Jul 25, 2024 |
| CVE-2024-41466 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. | -- | Jul 25, 2024 |
| CVE-2024-41465 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. | -- | Jul 25, 2024 |
| CVE-2024-41464 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic | -- | Jul 25, 2024 |
| CVE-2024-41463 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. | -- | Jul 25, 2024 |
| CVE-2024-41462 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. | -- | Jul 25, 2024 |
| CVE-2024-41461 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. | -- | Jul 25, 2024 |
| CVE-2024-41460 | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. | -- | Jul 25, 2024 |
