In Vaultwarden version 1.32.5 a low severity vulnerability CVE-2024-55226 was detected. This vulnerability allows attackers to execute authenticated reflected Cross-Site Scripting (XSS) attacks via the `/api/core/mod.rs` component. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55226.
Read more SecurityIn OpenVPN versions prior to 2.6.11 a critical severity vulnerability CVE-2024-5594 was detected. This vulnerability allows attackers to exploit improperly sanitized PUSH_REPLY messages, potentially injecting arbitrary data into third-party executables or plug-ins. To address this issue, users should upgrade to OpenVPN version 2.6.11 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5594.
Read more SecurityIn Invoice Ninja versions before 5.10.43 a high severity vulnerability CVE-2024-55555 was detected. This vulnerability allows attackers with access to the APP_KEY to execute remote code without authentication. The issue arises from insecure handling of serialized objects in a pre-authenticated route. To address this issue, users must upgrade to Invoice Ninja version 5.10.43 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55555.
Read more SecurityIn Vaultwarden versions 1.32.6 and prior a high severity vulnerability CVE-2024-56335 was detected. This vulnerability allows attackers with specific conditions to update or delete groups from an organization, potentially causing denial of service or privilege escalation. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56335.
Read more SecurityIn the Keycloak versions before 25.0.0 and before 26.0.6 a medium severity vulnerability CVE-2024-10973 was detected. This vulnerability allows attackers on adjacent networks to access sensitive information due to unencrypted data transmission. To fix this issue, users should upgrade Keycloak to version 26.0.6 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10973.
Read more SecurityIn Keycloak OIDC-Client versions 34.0.1 and prior a medium severity vulnerability CVE-2024-12369 was detected. This vulnerability allows attackers to inject a stolen authorization code into their own session, impersonating a victim with the victim’s identity. This attack can be executed via a Man-in-the-Middle (MitM) or phishing attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12369.
Read more SecurityIn Traefik versions prior to 2.11.14, prior to 3.0.0 and prior to 3.2.1 a medium severity vulnerability CVE-2024-52003 was detected. This vulnerability allows attackers to provide the X-Forwarded-Prefix header from an untrusted source, leading to potential issues. To address this issue, users must upgrade to Traefik version 2.11.14 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52003.
Read more SecurityIn Keycloak versions up to 26.0.2 a medium severity vulnerability CVE-2024-10451 was detected. This vulnerability allows attackers to capture sensitive runtime values, such as passwords, which may be embedded in bytecode during the build process. To address this issue, users must upgrade to Keycloak versions 26.0.6 or 26.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10451.
Read more SecurityIn Keycloak versions prior to 24.0.9, prior to 26.0.6 and 25.0.0 and prior a medium severity vulnerability CVE-2024-9666 was detected. This vulnerability allows attackers to exploit improper handling of proxy headers, leading to costly DNS resolution operations and potential denial of service (DoS). To address this issue, users must upgrade to Keycloak versions 26.0.6 or 24.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9666.
Read more Security